PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-33953 Siemens CVE debrief

CVE-2023-33953 is a HIGH severity vulnerability (CVSS 7.5) affecting Siemens SIMATIC RTLS Locating Manager systems, published on 2024-05-14 and last modified on 2024-06-11. The vulnerability stems from HPACK table accounting errors in the underlying gRPC implementation that can lead to denial-of-service conditions through three attack vectors: unbounded memory buffering in the HPACK parser, unbounded CPU consumption in the HPACK parser, and parsing loops controlled by malicious clients. The memory buffering issues include improper header size limit checking that allows buffering up to 4GB before rejection, infinite zero-prefix parsing in HPACK varints, and per-frame metadata overflow checks that enable infinite buffering through HEADERS/CONTINUATION frame sequences. The CPU consumption vulnerability arises from unbounded memory copy operations per input block that create client-controllable parsing loops. Seven specific product variants are affected, spanning multiple versions of the SIMATIC RTLS Locating Manager (6GT2780-0DA00, 6GT2780-0DA10, 6GT2780-0DA20, 6GT2780-0DA30, 6GT2780-1EA10, 6GT2780-1EA20, and 6GT2780-1EA30). Siemens has released a vendor fix in version V3.0.1.1 or later, available through Siemens Online Software Delivery (OSD). CISA and Siemens recommend defense-in-depth mitigations including host consolidation, Windows Server firewall hardening, and application of corporate security policies until patches can be deployed. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Siemens
Product: SIMATIC RTLS Locating Manager (6GT2780-0DA00)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-14
Original CVE updated: 2024-06-11
Advisory published: 2024-05-14
Advisory updated: 2024-06-11

Who should care

Organizations operating Siemens SIMATIC RTLS Locating Manager systems for real-time locating services in industrial environments, including manufacturing, logistics, and critical infrastructure facilities. Security teams responsible for OT/ICS network protection, Windows Server administrators hosting RTLS components, and compliance officers tracking industrial cybersecurity advisories should prioritize assessment and patching.

Technical summary

The vulnerability exists in the HPACK header compression parser used by gRPC, which is incorporated into Siemens SIMATIC RTLS Locating Manager. Three implementation flaws enable resource exhaustion: (1) deferred header size validation permits buffering up to 4GB before enforcement of 8-16KB limits, (2) HPACK varint encoding allows infinite zero-prefix bytes causing unbounded parsing, and (3) per-frame metadata overflow checking enables infinite buffering through HEADERS/CONTINUATION frame sequences. A fourth issue involves per-input-block memory copies creating client-controllable parsing loops. These flaws can be exploited remotely without authentication to cause denial-of-service through memory exhaustion or CPU consumption.

Defensive priority

High

Recommended defensive actions

  • Apply vendor fix: Update affected SIMATIC RTLS Locating Manager installations to version V3.0.1.1 or later via Siemens Online Software Delivery (OSD)
  • Implement network segmentation: Secure the Windows Server hosting RTLS Locating Manager with host-based firewall rules restricting access from untrusted networks
  • Consolidate deployment: Install required RTLS Locating Manager components on a single host computer where possible to reduce attack surface
  • Enforce access controls: Ensure only trusted personnel have administrative access to RTLS Locating Manager systems
  • Apply system hardening: Implement Windows Server security hardening per corporate policies or current CIS/NSA hardening guidelines
  • Monitor for anomalies: Implement network monitoring for unusual HTTP/2 traffic patterns or excessive resource consumption on affected systems
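The two parser-side conditions named in the technical summary (unbounded zero-prefix bytes in an HPACK integer, and header-block size that is only checked per frame rather than across the whole HEADERS/CONTINUATION sequence) both come down to accounting that must be bounded before buffering, not after. The Python below is an added illustration written for this debrief; it is not gRPC's or Siemens' code. It assumes a 16 KB header list limit, a 32-bit integer ceiling and a cap of five continuation bytes as constructed parameters, and it shows a bounded RFC 7541 integer decoder next to a per-stream accumulator that rejects a header block as soon as the running total crosses the limit. The same running-total logic is what a monitoring hook on HTTP/2 frame logs would compute to flag the traffic pattern the last bullet describes.

```python
"""Bounded HPACK integer decoding and incremental header-block accounting.

Constructed example for this debrief, not code from gRPC or Siemens.
Limits below are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Assumed limits (illustrative, not taken from any real deployment).
MAX_CONTINUATION_BYTES = 5        # 5 * 7 bits is enough for any 32-bit value
MAX_INTEGER = 0xFFFFFFFF          # reject anything that does not fit 32 bits
MAX_HEADER_LIST_SIZE = 16 * 1024  # per-connection header list limit (16 KB)


class HpackError(ValueError):
    """Raised when input violates a bound; the caller should reset the stream."""


def decode_integer(data: bytes, pos: int, prefix_bits: int) -> Tuple[int, int]:
    """Decode an RFC 7541 section 5.1 integer starting at data[pos].

    Returns (value, position after the integer). A peer can legally pad an
    integer with 0x80 bytes (continuation bit set, zero payload) that never
    change the value; without a cap on continuation bytes that padding keeps
    the parser looping for as long as the peer keeps sending. Here at most
    MAX_CONTINUATION_BYTES continuation bytes are accepted and the final value
    must fit in 32 bits.
    """
    if pos >= len(data):
        raise HpackError("truncated integer")
    mask = (1 << prefix_bits) - 1
    value = data[pos] & mask
    pos += 1
    if value < mask:
        return value, pos          # fits in the prefix, no continuation bytes
    shift = 0
    for _ in range(MAX_CONTINUATION_BYTES):
        if pos >= len(data):
            raise HpackError("truncated integer")
        byte = data[pos]
        pos += 1
        value += (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:         # continuation bit clear: last byte
            if value > MAX_INTEGER:
                raise HpackError("integer overflow")
            return value, pos
    raise HpackError("integer encoding too long")


@dataclass
class HeaderBlockAccumulator:
    """Running size of one stream's header block across HEADERS/CONTINUATION.

    The limit is charged against the cumulative total on every fragment, so a
    peer that keeps each frame under the limit cannot grow the buffered block
    without bound.
    """
    limit: int = MAX_HEADER_LIST_SIZE
    buffered: int = 0
    frames: int = 0

    def add_fragment(self, fragment: bytes) -> int:
        self.frames += 1
        self.buffered += len(fragment)
        if self.buffered > self.limit:
            raise HpackError(
                f"header block exceeds {self.limit} bytes after {self.frames} frames")
        return self.buffered


def process_header_frames(fragments: Iterable[bytes],
                          limit: int = MAX_HEADER_LIST_SIZE) -> Optional[int]:
    """Feed a HEADERS fragment followed by CONTINUATION fragments.

    Returns the zero-based index of the frame at which the stream is rejected,
    or None if the whole block stays within the limit. In a monitoring context
    the same number is the point at which a stream would be flagged.
    """
    acc = HeaderBlockAccumulator(limit=limit)
    for index, fragment in enumerate(fragments):
        try:
            acc.add_fragment(fragment)
        except HpackError:
            return index
    return None


if __name__ == "__main__":
    # Constructed inputs: the RFC 7541 C.1.2 example (1337 with a 5-bit prefix)
    # and a padded integer with ten zero-payload continuation bytes.
    print(decode_integer(bytes([0x1F, 0x9A, 0x0A]), 0, 5))
    try:
        decode_integer(bytes([0x1F] + [0x80] * 10 + [0x00]), 0, 5)
    except HpackError as err:
        print("rejected:", err)
    # Three 8 KB fragments: the third pushes the running total past 16 KB.
    print(process_header_frames([b"x" * 8192] * 3))
```

The accumulator is deliberately separate from the decoder: size accounting has to happen when a fragment arrives, before any decoding or buffering of the block, which is the ordering the deferred-validation flaw in the summary gets wrong.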

Evidence notes

Vulnerability description and affected products derived from CISA CSAF advisory ICSA-24-137-07. CVSS vector confirms network attack vector with low complexity, no privileges required, and high availability impact. Remediation guidance sourced from Siemens SSA-093430 advisory referenced in CISA documentation. Timeline dates per CVE record: published 2024-05-14, modified 2024-06-11.

Official resources

2024-05-14