PatchSiren cyber security CVE debrief
CVE-2023-50763 Siemens CVE debrief
A denial-of-service vulnerability exists in Siemens SIMATIC and SIPLUS communication processors. When the web server is configured to allow PKCS12 certificate container import, processing incomplete certificate chains can trigger an infinite loop. An authenticated remote attacker can exploit this by importing a crafted PKCS12 container, causing the device to become unresponsive. The vulnerability requires network access and valid credentials, limiting exposure to authenticated attackers only.
- Vendor: Siemens
- Product: SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2024-07-09
- Advisory published: 2024-06-11
- Advisory updated: 2024-07-09
Who should care
Asset owners and operators of Siemens SIMATIC S7-1500 and ET 200SP systems using affected communication processor modules. Security teams responsible for industrial control system infrastructure, particularly those managing certificate lifecycle operations on PLC and distributed I/O communication modules. Organizations subject to NERC CIP, IEC 62443, or similar industrial cybersecurity frameworks requiring vulnerability management for control system assets.
Technical summary
The vulnerability stems from improper handling of incomplete certificate chains during PKCS12 container parsing. When the web server processes a malformed or incomplete certificate chain within a PKCS12 file, the parsing routine enters an infinite loop rather than failing gracefully. This results in complete loss of availability for the affected communication processor. The attack requires: (1) network connectivity to the device's web interface, (2) valid authentication credentials, and (3) a device configuration that permits PKCS12 import operations. The affected products are industrial communication processors used in Siemens SIMATIC S7-1500 and ET 200SP distributed I/O systems, commonly deployed in manufacturing and process control environments.
Defensive priority
medium
Recommended defensive actions
- Update affected devices to firmware version V2.3 or later
- Restrict network access to device web interfaces using firewall rules
- Disable PKCS12 import functionality if not required for operations
- Monitor for unusual authentication patterns or certificate import activities
- Apply defense-in-depth strategies per CISA ICS recommended practices
Evidence notes
The vulnerability was disclosed by CISA on June 11, 2024, via ICSA-24-165-10, with Siemens publishing coordinated advisory SSA-625862. The issue affects six product variants across SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and corresponding SIPLUS ET 200SP industrial communication modules. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) reflects network accessibility with high privilege requirements and high availability impact.
Official resources
- CVE-2023-50763 CVE record (CVE.org)
- CVE-2023-50763 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-06-11