PatchSiren cyber security CVE debrief

CVE-2023-41910 Siemens CVE debrief

A critical vulnerability in lldpd before version 1.0.17 allows remote attackers to trigger an out-of-bounds read on heap memory by sending a crafted CDP PDU containing specific CDP_TLV_ADDRESSES TLVs. The vulnerability exists in the cdp_decode function within daemon/protocols/cdp.c. This flaw affects Siemens SIMATIC and SIPLUS industrial communication processors that incorporate the vulnerable lldpd component. The issue was published on June 11, 2024, and carries a CVSS 3.1 score of 9.8 (Critical), indicating severe impact on confidentiality, integrity, and availability with a network-based attack vector that requires no privileges or user interaction. Siemens has released firmware updates to address this vulnerability in affected products.

Vendor: Siemens
Product: SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2024-07-09
Advisory published: 2024-06-11
Advisory updated: 2024-07-09

Who should care

Industrial control system operators, OT security teams, network administrators managing Siemens SIMATIC/SIPLUS infrastructure, and organizations running lldpd on critical network infrastructure should prioritize this vulnerability. The critical CVSS score, remote exploitability, and presence in industrial communication processors elevate risk for manufacturing, energy, and critical infrastructure environments where these devices are deployed.

Technical summary

The vulnerability resides in the cdp_decode function of lldpd's CDP protocol implementation. A malicious actor can craft a CDP PDU with malformed CDP_TLV_ADDRESSES Type-Length-Value structures that cause the daemon to read beyond the bounds of the allocated heap buffer. This is a classic out-of-bounds read (CWE-125) in network protocol parsing code: the decoder trusts counts and length fields embedded in the packet instead of checking them against the bytes actually received. The attack vector is network-based, requires no authentication, and can be exploited remotely. The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C confirms critical severity with high impact across all security dimensions; its temporal metrics (RL:O) also record that an official fix is available. Siemens has addressed this in firmware version 2.3 and later for affected SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP variants.
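The defect class above is a TLV walker that trusts packet-supplied counts and lengths. The following is an added example, not lldpd's code or Siemens' firmware: a bounds-checked walker for a CDP Addresses TLV body, exercised on constructed inputs. The field layout it assumes (count, then per-address protocol and address fields) is a common description of the CDP Addresses TLV and is not taken from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
/* Bounds-checked walker for a CDP Addresses TLV body. Assumed layout (not
 * from the advisory): 4-byte big-endian count, then per address: 1-byte
 * protocol type, 1-byte protocol length, protocol bytes, 2-byte big-endian
 * address length, address bytes. Each field is checked against the bytes
 * remaining before it is read, so a forged count or length yields -1
 * rather than a read past the buffer. Returns the address count walked. */
int cdp_walk_addresses(const uint8_t *tlv, size_t len)
{
    if (len < 4)
        return -1;
    uint32_t count = ((uint32_t)tlv[0] << 24) | ((uint32_t)tlv[1] << 16) |
                     ((uint32_t)tlv[2] << 8) | tlv[3];
    size_t off = 4;
    for (uint32_t i = 0; i < count; i++) {
        if (len - off < 2)                  /* protocol type + length */
            return -1;
        size_t proto_len = tlv[off + 1];
        off += 2;
        if (len - off < proto_len)          /* protocol bytes */
            return -1;
        off += proto_len;
        if (len - off < 2)                  /* address length */
            return -1;
        size_t addr_len = ((size_t)tlv[off] << 8) | tlv[off + 1];
        off += 2;
        if (len - off < addr_len)           /* address bytes */
            return -1;
        off += addr_len;
    }
    return (int)count;                      /* at most len / 4 here */
}
/* Constructed sample TLV bodies (not captured traffic). */
static const uint8_t ok_body[] = {
    0, 0, 0, 1,                  /* one address */
    0x01, 0x01, 0xCC,            /* NLPID protocol, length 1, IP */
    0x00, 0x04, 192, 0, 2, 1     /* 4-byte address */
};
static const uint8_t bad_addr_len[] = {
    0, 0, 0, 1, 0x01, 0x01, 0xCC,
    0x00, 0xFF, 192, 0, 2, 1     /* claims 255 address bytes, 4 present */
};
static const uint8_t bad_count[] = {
    0, 0, 0, 2, 0x01, 0x01, 0xCC,
    0x00, 0x04, 192, 0, 2, 1     /* claims two addresses, one present */
};
int parse_ok(void)           { return cdp_walk_addresses(ok_body, sizeof ok_body); }
int parse_bad_addr_len(void) { return cdp_walk_addresses(bad_addr_len, sizeof bad_addr_len); }
int parse_bad_count(void)    { return cdp_walk_addresses(bad_count, sizeof bad_count); }
```

The two malformed bodies are the shape of input a fuzzer or unit test should feed any TLV decoder: an inner length larger than the remaining buffer, and an outer count larger than the number of elements present.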

Defensive priority

critical

Recommended defensive actions

  • Apply vendor firmware updates to version 2.3 or later for all affected Siemens SIMATIC CP and SIPLUS ET 200SP communication processors
  • Disable CDP protocol handling on affected devices if not required for network operations
  • Implement network segmentation to restrict LLDP/CDP traffic to trusted management networks
  • Monitor for anomalous CDP PDU traffic targeting industrial network infrastructure
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
  • Verify lldpd component versions in third-party industrial devices and update to 1.0.17 or later where applicable

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-165-10, which references Siemens Security Advisory SSA-625862. The affected products are SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, and corresponding SIPLUS variants. The root cause is an out-of-bounds read in lldpd's CDP protocol decoder when processing malformed CDP_TLV_ADDRESSES TLVs.
