PatchSiren cyber security CVE debrief
CVE-2023-36792 Microsoft CVE debrief
CVE-2023-36792 is a Visual Studio Remote Code Execution vulnerability affecting Siemens ST7 ScadaConnect (6NH7997-5DA10-0AA0). Published on June 11, 2024, this vulnerability carries a HIGH severity CVSS score of 7.8. The vulnerability requires local attack vector access, low attack complexity, no privileges, but does require user interaction. Successful exploitation could result in high impact to confidentiality, integrity, and availability. The vulnerability has been assigned a proof-of-concept exploitation status with an official fix available. Siemens has released version 1.1 or later to address this vulnerability. CISA published advisory ICSA-24-165-04 to coordinate disclosure. No known exploitation in ransomware campaigns has been reported, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Microsoft
- Product
- ST7 ScadaConnect (6NH7997-5DA10-0AA0)
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-06-11
Who should care
Organizations operating Siemens ST7 ScadaConnect in industrial control system environments, particularly those using Visual Studio for SCADA development or configuration. Security teams responsible for OT/ICS asset management and patch management programs should prioritize this update given the high impact potential and proof-of-concept exploitation status.
Technical summary
This vulnerability exists in the Visual Studio component used by Siemens ST7 ScadaConnect, a product for connecting SCADA systems to remote terminal units. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack vector requiring user interaction but no privileges, with high impacts across all security dimensions. The proof-of-concept exploitation status suggests technical feasibility has been demonstrated. The attack surface is constrained by the local access and user interaction requirements, which typically limit exploitation to scenarios where an attacker has gained initial foothold or can convince a user to perform an action. The remediation path is straightforward through vendor-provided updates.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: Update Siemens ST7 ScadaConnect to version 1.1 or later
- Review Siemens ProductCERT advisory SSA-341067 for detailed technical information
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Implement principle of least privilege for user accounts accessing development environments
- Monitor for anomalous activity in Visual Studio and SCADA development environments
- Consider network segmentation for SCADA development systems from operational technology networks
Evidence notes
Source corpus indicates this vulnerability was disclosed through CISA's CSAF-based OT security advisory program. The advisory references Siemens ProductCERT security advisory SSA-341067 as the authoritative vendor source. CVSS vector confirms local attack vector with user interaction required, suggesting exploitation would likely involve social engineering or local access scenarios.
Official resources
-
CVE-2023-36792 CVE record
CVE.org
-
CVE-2023-36792 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Coordinated disclosure via CISA ICS advisory ICSA-24-165-04 and Siemens ProductCERT SSA-341067