LiveActive security incident?Get immediate response
CVE Record

CVE-2023-46280: A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation...

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2), SINEC NMS (All versions < V3.0 SP1). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.

HighCVSS 8.2Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This Siemens industrial software issue can let a low-privileged local attacker crash the underlying Windows kernel, causing a Blue Screen of Death. The main business risk is loss of availability on engineering, HMI, SCADA, or operational systems that depend on affected Siemens software.

Executive priority

Treat this as high priority where affected Siemens software supports live operations. It is availability-focused, but a kernel crash on OT engineering or HMI systems can interrupt production, delay recovery, and increase operational risk.

Technical view

CVE-2023-46280 is a CWE-125 out-of-bounds read across many Siemens SIMATIC, WinCC, TIA Portal, SINEC, SINUMERIK, and related products. CVSS 4.0 is 8.2 with local access, low complexity, low privileges, no user interaction, and high availability impact.

Likely exposure

Exposure is most likely on Windows systems running affected Siemens engineering, automation, HMI, SCADA, networking, or plant-management software. The source bundle lists broad product coverage and many version-specific fixed thresholds, but some entries show all versions or unclear status.

Exploitation context

The source bundle does not confirm active exploitation, and CISA KEV status is false. The attacker model is local, low-privileged access without user interaction. Impact is denial of availability through a Windows kernel crash, not disclosed code execution or data theft.

Researcher notes

Evidence supports local, low-privileged denial of service via out-of-bounds read. The affected surface is unusually broad across Siemens OT software families. The bundle does not provide exploit details, active exploitation evidence, or complete remediation clarity for every listed product.

Mitigation direction

  • Inventory Siemens products and versions against the linked Siemens advisories.
  • Upgrade affected products to Siemens-listed fixed versions where available.
  • Restrict local logon, remote desktop, and jump-host access to affected Windows systems.
  • Prioritize remediation for HMI, engineering, SCADA, and production-support hosts.
  • Monitor Siemens guidance for products listed as all versions or unclear remediation.

Validation and detection

  • Confirm exact Siemens product names and installed versions on Windows hosts.
  • Compare installed versions with affected ranges in Siemens advisories.
  • Verify each remediated host shows the Siemens-listed fixed version or later.
  • Review Windows crash telemetry for BSOD events on affected operational systems.
  • Confirm low-privileged local access is limited to required personnel only.
Prepared
Confidence
high
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-125: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2023-46280 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.2 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
3Timeline events
2ADP providers
4Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.2CVSS 4.0HighCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:Hsiemens
6.5CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C24siemens

Vulnerability scoring details

Base CVSS 4.0 score

8.2High
CVSS 4.0 vector shape for CVE-2023-46280Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
SiemensSecurity Configuration Tool (SCT)0unknown
SiemensSIMATIC Automation Tool0unknown
SiemensSIMATIC BATCH V9.10unknown
SiemensSIMATIC NET PC Software V160unknown
SiemensSIMATIC NET PC Software V170unknown
SiemensSIMATIC NET PC Software V180unknown
SiemensSIMATIC NET PC Software V190unknown
SiemensSIMATIC PCS 7 V9.10unknown
SiemensSIMATIC PDM V9.20unknown
SiemensSIMATIC Route Control V9.10unknown
SiemensSIMATIC S7-PCT0unknown
SiemensSIMATIC STEP 7 V50unknown
SiemensSIMATIC WinCC OA V3.170unknown
SiemensSIMATIC WinCC OA V3.180unknown
SiemensSIMATIC WinCC OA V3.190unknown
SiemensSIMATIC WinCC Runtime Advanced0unknown
SiemensSIMATIC WinCC Runtime Professional V160unknown
SiemensSIMATIC WinCC Runtime Professional V170unknown
SiemensSIMATIC WinCC Runtime Professional V180unknown
SiemensSIMATIC WinCC Runtime Professional V190unknown
SiemensSIMATIC WinCC V7.40unknown
SiemensSIMATIC WinCC V7.50unknown
SiemensSIMATIC WinCC V8.00unknown
SiemensSINAMICS Startdrive0unknown
SiemensSINEC NMS0unknown
SiemensSINUMERIK ONE virtual0unknown
SiemensSINUMERIK PLC Programming Tool0unknown
SiemensTIA Portal Cloud Connector0unknown
SiemensTotally Integrated Automation Portal (TIA Portal) V15.10unknown
SiemensTotally Integrated Automation Portal (TIA Portal) V160unknown
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-125 · source CWE mapping

Out-of-bounds Read

Out-of-bounds Read represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.