IronMonkey Threat Research

SSA-962515: Out of Bounds Read Vulnerability in Industrial Products

MEDIUM
CVSS 6.5
Date 2026-06-09T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Several industrial products contain an out of bounds read vulnerability that could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, leading to a denial-of-service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.

// Vulnerabilities (1)

| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2023-46280 | 6.5 | medium | The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. |

// Affected Products (21)

| Vendor | Product | Asset Type | Purdue Level | Firmware |
|---|---|---|---|---|
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | rtu | L1 | -- |
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | plc | L1 | -- |
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | plc | L1 | -- |
| Siemens | Unknown | engineering_workstation | L3 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |
| Siemens | Unknown | hmi | L2 | -- |

// Remediations (53)

Patch: Update to V19 Update 2 or later version
Patch: Update to V16 Update 6 or later version
Patch: Update to V9.1 SP2 Upd3 or later version
Patch: Update to V5.7 SP3 or later version
Patch: Update to V9.2 SP2 Upd3 or later version
Patch: Update to V3.19 P010 or later version
Patch: Update to V3.3.12 or later version. PLC Programming Tool V3.3.12 or later versions are integrated in SINUMERIK 828D Toolbox version V5.24 or later; updated software version can be obtained from Siemens customer support or a local partner.
Patch: Update to V18 Update 4 or later version
Patch: Update to V19 Update 2 or later version
Patch: Update to V5.0 SP2 or later version
Patch: Update to V17 Update 8 or later version
Patch: Update to V2.0 or later version
Patch: Update to V9.1 SP2 UC05 or later version
Patch: Update to V8.0 Update 5 or later version
Patch: Update to V6.23 or later version
Patch: Update to V18 Update 4 or later version
Patch: Update to V17 Update 8 or later version
Patch: Update to V3.18 P025 or later version
Patch: Update to V19 SP1 or later version
Patch: Update to V16 Update 8 or later version
Patch: Update to V19 Update 2 or later version
Patch: Update to V19 Update 2 or later version
Patch: Update to V9.1 SP2 Upd5 or later version
Patch: Update to V7.5 SP2 Update 17 or later version
Patch: Update to V3.5 SP3 Update 6 or later version
Patch: Update to V18 SP1 or later version
Patch: Update to V2.0 or later version
Patch: Update to V3.0 SP1 or later version
Patch: Update to V3.0 or later version
Patch: Update to V5.0 SP2 or later version
Patch: Update to V6.23 or later version
Patch: Update to V9.2 SP2 Upd3 or later version
Patch: Update to V16 Update 8 or later version
Patch: Update to V19 Update 2 or later version
Patch: Update to V9.1 SP2 UC05 or later version
Patch: Update to V9.1 SP2 Upd5 or later version
Patch: Update to V16 Update 6 or later version
Patch: Update to V18 SP1 or later version
Patch: Update to V8.0 Update 5 or later version
Patch: Update to V9.1 SP2 Upd3 or later version
Patch: Update to V7.5 SP2 Update 17 or later version
Patch: Update to V5.7 SP3 or later version
Patch: Update to V18 Update 4 or later version
Patch: Update to V17 Update 8 or later version
Patch: Update to V18 Update 4 or later version
Patch: Update to V17 Update 8 or later version
Patch: Update to V3.19 P010 or later version
Patch: Update to V3.3.12 or later version. PLC Programming Tool V3.3.12 or later versions are integrated in SINUMERIK 828D Toolbox version V5.24 or later; updated software version can be obtained from Siemens customer support or a local partner.
Patch: Update to V19 Update 2 or later version
Patch: Update to V3.5 SP3 Update 6 or later version
Patch: Update to V19 SP1 or later version
Patch: Update to V3.18 P025 or later version
Patch: Update to V17 Update 8 or later version

// References