PatchSiren cyber security CVE debrief
CVE-2023-46280 Siemens CVE debrief
CVE-2023-46280 is a medium-severity out-of-bounds read vulnerability in Siemens SINEC NMS that can trigger a Windows kernel Blue Screen of Death (BSOD). Published on November 12, 2024, it is exploitable through a local attack vector, requires low privileges and no user interaction, and has an availability impact rated high per CVSS 3.1 scoring. The vulnerability stems from improper bounds checking during memory read operations in the affected network management software. Exploitation could cause system crashes, potentially disrupting industrial control system operations where SINEC NMS is deployed for network monitoring and management. Siemens has released version 3.0 SP1 as a remediation. The attack complexity is low and the scope is changed, meaning the impact extends beyond the vulnerable component to the underlying Windows kernel. While the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, organizations should prioritize patching given the potential for operational technology disruption.
- Vendor: Siemens
- Product: Security Configuration Tool (SCT)
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2024-12-10
- Advisory published: 2024-05-14
- Advisory updated: 2024-12-10
Who should care
Organizations operating Siemens SINEC NMS for industrial network management, particularly in critical infrastructure sectors. System administrators responsible for OT/ICS environments. Security teams monitoring for local privilege escalation and denial-of-service conditions in Windows-based industrial systems.
Technical summary
Out-of-bounds read in Siemens SINEC NMS allows local attackers with low privileges to crash the Windows kernel via BSOD. CVSS 3.1: 6.5 (MEDIUM). Attack vector: local, complexity: low, privileges: low, user interaction: none. Scope changed due to kernel impact. Remediated in V3.0 SP1.
Defensive priority
medium
Recommended defensive actions
- Apply Siemens SINEC NMS update to version 3.0 SP1 or later to remediate the out-of-bounds read vulnerability
- Restrict local access to SINEC NMS systems to authorized personnel only, following principle of least privilege
- Monitor Windows systems running SINEC NMS for unexpected crashes or BSOD events that may indicate exploitation attempts
- Implement network segmentation for industrial control systems per CISA ICS recommended practices
- Review and update incident response procedures to address potential operational disruptions from system crashes
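One way to carry out the crash-monitoring action above, as an added example that is not code from Siemens, CISA or this page. It summarises Windows System-log crash signals per host; the host names, sample events and review threshold are constructed assumptions, and a bugcheck alone does not identify its cause.

```powershell
# Added example. Maps standard Windows System-log provider/ID pairs to a crash signal.
$CrashSignals = @{
    'Microsoft-Windows-WER-SystemErrorReporting/1001' = 'BugCheck'        # BSOD recorded
    'Microsoft-Windows-Kernel-Power/41'               = 'UncleanRestart'  # reboot without clean shutdown
    'EventLog/6008'                                   = 'UncleanRestart'  # previous shutdown unexpected
}

function Get-CrashSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $BugCheckThreshold = 2   # assumption: tune to the site's baseline
    )
    $Events |
        ForEach-Object {
            # Match on provider AND ID: other providers reuse these ID numbers.
            $kind = $CrashSignals["$($_.ProviderName)/$($_.Id)"]
            if ($kind) {
                [pscustomobject]@{ Host = $_.MachineName; Kind = $kind; Time = $_.TimeCreated }
            }
        } |
        Group-Object Host |
        ForEach-Object {
            $bug = @($_.Group | Where-Object Kind -eq 'BugCheck')
            [pscustomobject]@{
                Host            = $_.Name
                BugChecks       = $bug.Count
                UncleanRestarts = @($_.Group | Where-Object Kind -eq 'UncleanRestart').Count
                LastBugCheck    = ($bug | Sort-Object Time | Select-Object -Last 1).Time
                Review          = $bug.Count -ge $BugCheckThreshold
            }
        }
}

# Constructed sample events (hypothetical hosts), shaped like Get-WinEvent output.
$wer = 'Microsoft-Windows-WER-SystemErrorReporting'
$sample = @(
    [pscustomobject]@{ MachineName = 'nms-01'; ProviderName = $wer; Id = 1001; TimeCreated = [datetime]'2024-11-13T02:14:00' }
    [pscustomobject]@{ MachineName = 'nms-01'; ProviderName = 'Microsoft-Windows-Kernel-Power'; Id = 41; TimeCreated = [datetime]'2024-11-13T02:15:00' }
    [pscustomobject]@{ MachineName = 'nms-01'; ProviderName = $wer; Id = 1001; TimeCreated = [datetime]'2024-11-14T09:40:00' }
    [pscustomobject]@{ MachineName = 'nms-02'; ProviderName = 'EventLog'; Id = 6008; TimeCreated = [datetime]'2024-11-12T18:03:00' }
    [pscustomobject]@{ MachineName = 'nms-02'; ProviderName = 'Service Control Manager'; Id = 7036; TimeCreated = [datetime]'2024-11-12T18:05:00' }
)
Get-CrashSummary -Events $sample | Format-Table -AutoSize

# On a live host, feed real events instead of the sample:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1001, 6008;
#             StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue
# if ($live) { Get-CrashSummary -Events $live }
```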
Evidence notes
Vulnerability details sourced from CISA ICS advisory ICSA-24-319-04 and Siemens security advisory SSA-331112. CVSS vector confirms local attack vector with low attack complexity and high availability impact. Remediation guidance specifies update to SINEC NMS V3.0 SP1 or later.
Official resources
- CVE-2023-46280 CVE record (CVE.org)
- CVE-2023-46280 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-11-12