CVE-2023-48363: 
Siemens SIMATIC WinCC vulnerability analysis and mitigation

CVE-2023-48363 is a NULL Pointer Dereference vulnerability discovered in multiple Siemens SIMATIC products. The vulnerability affects various versions of OpenPCS 7 V9.1, SIMATIC BATCH V9.1, SIMATIC PCS 7 V9.1, SIMATIC Route Control V9.1, SIMATIC WinCC Runtime Professional (V18 and V19), and SIMATIC WinCC (V7.4, V7.5, and V8.0). The vulnerability was first disclosed on February 13, 2024, and involves improper handling of unorganized RPC messages in the RPC communication protocol implementation (Siemens Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) in the RPC (Remote Procedure Call) communication protocol implementation. It has received a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and a CVSS v4.0 base score of 7.1 (HIGH) with the vector string CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N. The vulnerability requires access from an adjacent network and has low attack complexity (CISA Advisory, Siemens Advisory).

Successful exploitation of this vulnerability could allow an attacker to cause a persistent denial-of-service condition in the RPC Server of the affected products. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (CISA Advisory).

Siemens has released multiple updates and mitigations for affected products. Key recommendations include updating to the latest versions: SIMATIC WinCC V7.5 to V7.5 SP2 Update 15, WinCC V8.0 to V8.0 Update 4, WinCC Runtime Professional V18 to V18 Update 4, V19 to V19 Update 2, and PCS 7 V9.1 to V9.1 SP2 UC05. Additionally, Siemens recommends ensuring that SIMATIC WinCC, WinCC Runtime Professional, and PCS 7 stations communicate via encrypted channels by activating the 'Encrypted Communication' feature, which completely mitigates the vulnerability (Siemens Advisory).