OTPulse

Multiple Vulnerabilities in SIMATIC MV500 before V3.3.5

Act Now | CVSS 9.8 | SSA-099606 | Nov 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC MV500 before V3.3.5 is affected by multiple vulnerabilities including buffer overflow (CWE-120), null pointer dereference (CWE-476), improper authentication (CWE-287), and other memory and access control issues. These vulnerabilities allow remote code execution and system compromise without authentication. Siemens has released firmware V3.3.5 which resolves these issues.

What this means
What could happen
Multiple vulnerabilities in the SIMATIC MV500 medium-voltage switchgear control system could allow an attacker to gain remote access, execute arbitrary code, or disrupt switchgear operations. This could cause unintended switching actions, loss of power control, or equipment damage in substations and distribution networks.
Who's at risk
This affects utilities and industrial facilities operating Siemens SIMATIC MV500 switchgear controllers, particularly in substations, distribution networks, and medium-voltage power management systems. Any organization using this control system for switchgear automation is at risk.
How it could be exploited
An attacker with network access to the SIMATIC MV500 device could exploit one or more of these vulnerabilities to bypass authentication, trigger memory corruption, or execute arbitrary commands on the control system. No user interaction is required, and exploitation complexity is low.
Prerequisites
  • Network access to the SIMATIC MV500 device
  • Device running firmware version before V3.3.5
  • No authentication required for exploitation
remotely exploitable | no authentication required | low complexity | high CVSS score (9.8) | multiple vulnerability types
Exploitability
Moderate exploit probability (EPSS 2.4%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC MV500 family | <V3.3.5 | 3.3.5
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC MV500 firmware to version 3.3.5 or later