CVE-2023-48364: 
Siemens SIMATIC WinCC vulnerability analysis and mitigation

CVE-2023-48364 is a vulnerability discovered in multiple Siemens SIMATIC software products, including OpenPCS 7, SIMATIC BATCH, SIMATIC PCS 7, SIMATIC Route Control, and various versions of SIMATIC WinCC. The vulnerability was first disclosed on February 13, 2024, and affects the RPC (Remote Procedure Call) communication protocol implementation in these products. The affected systems include multiple versions of SIMATIC software products, with varying version constraints for each product line (Vendor Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) that occurs when the RPC communication protocol implementation fails to properly handle certain malformed RPC messages. The vulnerability has received a CVSS v3.1 Base Score of 6.5 (MEDIUM) with vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and a CVSS v4.0 Base Score of 7.1 (HIGH) with vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N (Vendor Advisory).

When exploited, this vulnerability can cause a denial of service condition in the RPC server of the affected products. This impact specifically affects the availability of the system while not compromising confidentiality or integrity (Vendor Advisory).

Siemens has released updates for most affected products and recommends updating to the latest versions. Specific mitigations include ensuring that SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC PCS 7 stations communicate via encrypted channels by activating the 'Encrypted Communication' feature, which completely mitigates the vulnerability. For SIMATIC WinCC V7.4, no fix is currently planned (Vendor Advisory).