CVE-2023-35391 Microsoft CVE debrief

Who should care

Organizations operating Siemens ST7 ScadaConnect (6NH7997-5DA10-0AA0) in industrial control environments, critical infrastructure operators using Siemens SCADA systems, security teams managing ASP.NET Core SignalR deployments, and OT/ICS security practitioners responsible for patch management in manufacturing, energy, and utility sectors.

Technical summary

This vulnerability exists in ASP.NET Core SignalR and Visual Studio, affecting Siemens ST7 ScadaConnect industrial control product. The flaw allows information disclosure with local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). Exploitation yields high confidentiality impact (C:H) with no integrity or availability effects. The vulnerability has proof-of-concept exploit availability (E:P) with official vendor fix released (RL:O). Siemens remediation requires updating to ST7 ScadaConnect V1.1 or later.

Defensive priority

medium

Recommended defensive actions

• Update Siemens ST7 ScadaConnect to V1.1 or later version per vendor guidance
• Review and apply CISA ICS recommended practices for defense-in-depth security
• Monitor Siemens CERT portal for additional security advisories related to ST7 ScadaConnect
• Assess environment for other ASP.NET Core SignalR implementations that may require patching
• Implement network segmentation for industrial control systems per CISA guidance

Evidence notes

CVE published 2024-06-11. CISA CSAF advisory ICSA-24-165-04 published same date. Siemens SSA-341067 advisory confirms affected product and remediation. CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C.

Official resources