CVE-2023-52891

MEDIUM

SIMATIC Energy Manager < V7.5, SIMATIC IPC DiagBase/Monitor, SIMIT < V11.1 - DoS via OPC UA Server SDK

Title source: llm

Description

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-088132.html

Scores

CVSS v3 5.3

EPSS 0.0012

EPSS Percentile 29.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1325

Status published

Products (6)

Siemens/SIMATIC Energy Manager Basic < V7.5

Siemens/SIMATIC Energy Manager PRO < V7.5

Siemens/SIMATIC IPC DiagBase

Siemens/SIMATIC IPC DiagMonitor

Siemens/SIMIT V10

Siemens/SIMIT V11 < V11.1

Published Jul 09, 2024

Tracked Since Feb 18, 2026