PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-30755 Siemens CVE debrief

The web server of multiple Siemens SIMATIC and SIPLUS industrial communication processors does not properly handle shutdown or reboot requests, leading to resource cleanup issues that allow a remote attacker with elevated privileges to cause a denial of service condition.

Vendor: Siemens
Product: SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)
CVSS: MEDIUM 4.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-10
Original CVE updated: 2025-05-06
Advisory published: 2024-09-10
Advisory updated: 2025-05-06

Who should care

Industrial control system operators, OT security teams, and manufacturing organizations using Siemens SIMATIC CP communication processors, HMI panels, IPC diagnostic software, or TIM IRC units should prioritize assessment and remediation. Organizations in critical infrastructure sectors with deployed Siemens automation equipment are particularly affected.

Technical summary

The vulnerability exists in the web server implementation of affected Siemens industrial devices. When processing shutdown or reboot requests, the web server fails to properly manage resource cleanup, creating a condition where a remote attacker with elevated privileges can trigger a denial of service. The attack requires high privileges and has high attack complexity, which limits exploitability, but the impact on availability for affected industrial control systems remains significant.

Defensive priority

medium

Recommended defensive actions

  • Apply vendor-provided firmware updates where available: update SIMATIC CP 1242-7 V2, CP 1243-1 variants, CP 1243-7 LTE, and CP 1243-8 IRC to V3.5.20 or later; update SIPLUS TIM 1531 IRC and TIM 1531 IRC to V2.4.8 or later
  • For products with no fix planned (SIMATIC HMI Comfort Panels, SIMATIC IPC DiagBase, SIMATIC IPC DiagMonitor, SIMATIC WinCC Runtime Advanced), disable the web server as a workaround
  • Implement network segmentation to restrict access to affected device web interfaces
  • Apply principle of least privilege to limit accounts with elevated privileges that could exploit this vulnerability
  • Monitor for unexpected shutdown or reboot requests to affected industrial control systems
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies

Evidence notes

The vulnerability description indicates the web server does not properly handle shutdown or reboot requests, which could lead to cleanup of certain resources. This improper resource handling allows a remote attacker with elevated privileges to trigger a denial of service condition. The CVSS 3.1 vector (AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) reflects network attack vector, high attack complexity, high privileges required, and high availability impact.

Official resources

CVE-2023-30755 was published on 2024-09-10 and last modified on 2025-05-06. The vulnerability affects 12 Siemens industrial products including SIMATIC CP communication processors, HMI Comfort Panels, IPC diagnostic tools, and TIM IRC units.