{"api_version":"1","generated_at":"2026-06-13T12:40:58+00:00","cve":"CVE-2023-46280","urls":{"html":"https://cve.report/CVE-2023-46280","api":"https://cve.report/api/cve/CVE-2023-46280.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-46280","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-46280"},"summary":{"title":"CVE-2023-46280","description":"A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.","state":"PUBLISHED","assigner":"siemens","published_at":"2024-05-14 16:15:40","updated_at":"2026-06-09 10:16:29"},"problem_types":["CWE-125","CWE-125 CWE-125: Out-of-bounds Read"],"metrics":[{"version":"4.0","source":"productcert@siemens.com","type":"Secondary","score":"8.2","severity":"HIGH","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"8.2","severity":"HIGH","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H","data":{"baseScore":8.2,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H","version":"4.0"}},{"version":"3.1","source":"productcert@siemens.com","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C","data":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-331112.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-331112.html","refsource":"productcert@siemens.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-962515.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-962515.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-784301.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-784301.html","refsource":"productcert@siemens.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-46280","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46280","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Siemens","product":"Security Configuration Tool (SCT)","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC Automation Tool","version":"affected V5.0 SP2 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC BATCH V9.1","version":"affected V9.1 SP2 Upd5 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC NET PC Software V16","version":"affected V16 Update 8 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC NET PC Software V17","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC NET PC Software V18","version":"affected V18 SP1 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC NET PC Software V19","version":"affected V19 Update 2 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC PCS 7 V9.1","version":"affected V9.1 SP2 UC05 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC PDM V9.2","version":"affected V9.2 SP2 Upd3 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC Route Control V9.1","version":"affected V9.1 SP2 Upd3 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC S7-PCT","version":"affected V3.5 SP3 Update 6 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC STEP 7 V5","version":"affected V5.7 SP3 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC OA V3.17","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC OA V3.18","version":"affected V3.18 P025 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC OA V3.19","version":"affected V3.19 P010 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC Runtime Advanced","version":"affected V17 Update 8 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V16","version":"affected V16 Update 6 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V17","version":"affected V17 Update 8 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V18","version":"affected V18 Update 4 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC Runtime Professional V19","version":"affected V19 Update 2 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC V7.4","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC V7.5","version":"affected V7.5 SP2 Update 17 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SIMATIC WinCC V8.0","version":"affected V8.0 Update 5 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SINAMICS Startdrive","version":"affected V19 SP1 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SINEC NMS","version":"affected V3.0 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SINUMERIK ONE virtual","version":"affected V6.23 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SINUMERIK PLC Programming Tool","version":"affected V3.3.12 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"TIA Portal Cloud Connector","version":"affected V2.0 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V15.1","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V16","version":"affected * custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V17","version":"affected V17 Update 8 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V18","version":"affected V18 Update 4 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"Totally Integrated Automation Portal (TIA Portal) V19","version":"affected V19 Update 2 custom","platforms":[]},{"source":"CNA","vendor":"Siemens","product":"SINEC NMS","version":"affected V3.0 SP1 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"46280","cve":"CVE-2023-46280","epss":"0.000490000","percentile":"0.157230000","score_date":"2026-06-12","updated_at":"2026-06-13 00:07:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2023-46280","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-05-29T14:20:28.448026Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-04T17:22:08.819Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-02T20:37:40.324Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://cert-portal.siemens.com/productcert/html/ssa-962515.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Security Configuration Tool (SCT)","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC Automation Tool","vendor":"Siemens","versions":[{"lessThan":"V5.0 SP2","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC BATCH V9.1","vendor":"Siemens","versions":[{"lessThan":"V9.1 SP2 Upd5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC NET PC Software V16","vendor":"Siemens","versions":[{"lessThan":"V16 Update 8","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC NET PC Software V17","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC NET PC Software V18","vendor":"Siemens","versions":[{"lessThan":"V18 SP1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC NET PC Software V19","vendor":"Siemens","versions":[{"lessThan":"V19 Update 2","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC PCS 7 V9.1","vendor":"Siemens","versions":[{"lessThan":"V9.1 SP2 UC05","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC PDM V9.2","vendor":"Siemens","versions":[{"lessThan":"V9.2 SP2 Upd3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC Route Control V9.1","vendor":"Siemens","versions":[{"lessThan":"V9.1 SP2 Upd3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-PCT","vendor":"Siemens","versions":[{"lessThan":"V3.5 SP3 Update 6","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC STEP 7 V5","vendor":"Siemens","versions":[{"lessThan":"V5.7 SP3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC OA V3.17","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC OA V3.18","vendor":"Siemens","versions":[{"lessThan":"V3.18 P025","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC OA V3.19","vendor":"Siemens","versions":[{"lessThan":"V3.19 P010","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC Runtime Advanced","vendor":"Siemens","versions":[{"lessThan":"V17 Update 8","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC Runtime Professional V16","vendor":"Siemens","versions":[{"lessThan":"V16 Update 6","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC Runtime Professional V17","vendor":"Siemens","versions":[{"lessThan":"V17 Update 8","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC Runtime Professional V18","vendor":"Siemens","versions":[{"lessThan":"V18 Update 4","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC Runtime Professional V19","vendor":"Siemens","versions":[{"lessThan":"V19 Update 2","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC V7.4","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC V7.5","vendor":"Siemens","versions":[{"lessThan":"V7.5 SP2 Update 17","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC WinCC V8.0","vendor":"Siemens","versions":[{"lessThan":"V8.0 Update 5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINAMICS Startdrive","vendor":"Siemens","versions":[{"lessThan":"V19 SP1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINEC NMS","vendor":"Siemens","versions":[{"lessThan":"V3.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINUMERIK ONE virtual","vendor":"Siemens","versions":[{"lessThan":"V6.23","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINUMERIK PLC Programming Tool","vendor":"Siemens","versions":[{"lessThan":"V3.3.12","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"TIA Portal Cloud Connector","vendor":"Siemens","versions":[{"lessThan":"V2.0","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Totally Integrated Automation Portal (TIA Portal) V15.1","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Totally Integrated Automation Portal (TIA Portal) V16","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Totally Integrated Automation Portal (TIA Portal) V17","vendor":"Siemens","versions":[{"lessThan":"V17 Update 8","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Totally Integrated Automation Portal (TIA Portal) V18","vendor":"Siemens","versions":[{"lessThan":"V18 Update 4","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"Totally Integrated Automation Portal (TIA Portal) V19","vendor":"Siemens","versions":[{"lessThan":"V19 Update 2","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SINEC NMS","vendor":"Siemens","versions":[{"lessThan":"V3.0 SP1","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."}],"metrics":[{"cvssV3_1":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV4_0":{"baseScore":8.2,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H","version":"4.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125: Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-09T08:46:42.279Z","orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-962515.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-784301.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-331112.html"}]}},"cveMetadata":{"assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","assignerShortName":"siemens","cveId":"CVE-2023-46280","datePublished":"2024-05-14T10:01:52.069Z","dateReserved":"2023-10-20T08:02:52.794Z","dateUpdated":"2026-06-09T08:46:42.279Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-05-14 16:15:40","lastModifiedDate":"2026-06-09 10:16:29","problem_types":["CWE-125","CWE-125 CWE-125: Out-of-bounds Read"],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2,"impactScore":4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"46280","Ordinal":"1","Title":"CVE-2023-46280","CVE":"CVE-2023-46280","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"46280","Ordinal":"1","NoteData":"A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.","Type":"Description","Title":"CVE-2023-46280"}]}}}