PatchSiren cyber security CVE debrief
CVE-2023-28827 Siemens CVE debrief
A medium-severity denial-of-service vulnerability in Siemens SIMATIC and related industrial communication products. The web server component fails to properly handle certain requests, triggering a watchdog timeout that leads to pointer cleanup and system unavailability. A remote attacker can exploit this without authentication to disrupt industrial control operations.
- Vendor: Siemens
- Product: SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-10
- Original CVE updated: 2025-05-06
- Advisory published: 2024-09-10
- Advisory updated: 2025-05-06
Who should care
Industrial control system operators, OT security engineers, manufacturing facility IT/OT teams, critical infrastructure asset owners using Siemens SIMATIC communication processors, HMI panels, or TIM routers
Technical summary
The vulnerability exists in the embedded web server of affected Siemens industrial devices. When processing malformed or specifically crafted HTTP requests, the web server enters a state that causes the system watchdog timer to expire. This timeout triggers cleanup routines that invalidate pointers, resulting in a denial-of-service condition that requires device restart to recover. The attack complexity is rated HIGH due to timing or crafting requirements, but successful exploitation requires no authentication and can be performed remotely over the network. The CVSS 3.1 score of 5.9 reflects medium severity with primary impact to availability. Twelve product variants are affected, with patch availability varying by product family—some receiving versioned fixes while others have no planned remediation.
Defensive priority
medium
Recommended defensive actions
- Apply vendor patches where available: update SIMATIC CP 1242-7 V2, CP 1243-1 variants, CP 1243-7 LTE, and CP 1243-8 IRC to V3.5.20 or later
- Apply vendor patches where available: update SIPLUS TIM 1531 IRC and TIM 1531 IRC to V2.4.8 or later
- Disable the web server on affected devices as a workaround if patching is not immediately feasible
- Implement network segmentation to restrict web server access to authorized engineering workstations only
- Monitor for unexpected device reboots or watchdog timeout events in industrial network logs
- For SIMATIC HMI Comfort Panels, SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor, and SIMATIC WinCC Runtime Advanced: no fix is planned; prioritize workaround implementation or replacement planning
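One way to turn the actions above into an inventory triage, as an added example that is not code from Siemens, CISA or this page's author. The inventory rows, host names, status labels and function names are constructed assumptions; product matching is by substring on the names listed above, so confirm each hit against SSA-423808.

```python
import re

# Fixed-version thresholds taken from the recommended actions on this page.
FIXED = [
    (("CP 1242-7 V2", "CP 1243-1", "CP 1243-7 LTE", "CP 1243-8 IRC"), (3, 5, 20)),
    (("TIM 1531 IRC",), (2, 4, 8)),
]
# Product families for which the page states no fix is planned.
NO_FIX = ("HMI Comfort Panel", "IPC DiagBase", "IPC DiagMonitor",
          "WinCC Runtime Advanced")

def parse_version(text):
    """Turn 'V3.5.20' or '3.4' into a comparable tuple, padded to 3 parts."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(product, firmware):
    """Return patched, update, workaround, unknown-version or not-listed."""
    name = product.lower()
    if any(k.lower() in name for k in NO_FIX):
        return "workaround"  # disable web server / segment / plan replacement
    for keys, fixed in FIXED:
        if any(k.lower() in name for k in keys):
            v = parse_version(firmware)
            if v is None:
                return "unknown-version"  # treat as exposed until verified
            return "patched" if v >= fixed else "update"
    return "not-listed"

# Constructed sample inventory: (host, product, firmware string).
INVENTORY = [
    ("plc-gw-01", "SIMATIC CP 1243-1", "V3.4.29"),
    ("plc-gw-02", "SIMATIC CP 1243-7 LTE", "V3.5.20"),
    ("rtu-07", "SIPLUS TIM 1531 IRC", "V2.4"),
    ("hmi-03", "SIMATIC HMI Comfort Panels", "V17"),
    ("plc-gw-09", "SIMATIC CP 1242-7 V2", "unknown"),
]

def report(inventory):
    return {host: triage(product, fw) for host, product, fw in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as `unknown-version` are the ones to chase first, since an unreadable firmware string cannot be shown to meet the fixed release.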
Evidence notes
CISA published advisory ICSA-24-256-09 on 2024-09-10, with a revision on 2025-05-06 for typo corrections. Siemens issued security advisory SSA-423808. The vulnerability affects 12 product variants across SIMATIC CP communication processors, HMI panels, IPC diagnostic tools, and TIM industrial routers. CVSS 3.1 vector confirms network attack vector with high attack complexity, no privileges required, and high availability impact.
Official resources
- CVE-2023-28827 CVE record (CVE.org)
- CVE-2023-28827 NVD detail (NVD)
- Source item URL (cisa_csaf)