Siemens Desigo CC Product Family and SENTRON Powermanager

Summary

Siemens Desigo CC and SENTRON Powermanager are affected by a vulnerability (CVE-2023-38545) in the WIBU Systems CodeMeter Runtime component. A successful exploit could lead to code execution within the context of the current process. Siemens has provided an update and recommends applying it to affected systems.

IFF Assessment

FOE

A heap-based buffer overflow in the bundled WIBU Systems CodeMeter Runtime component affects widely deployed Siemens industrial control system products (Desigo CC and SENTRON Powermanager), potentially leading to code execution.

Severity

8.8 High

Defender Context

Because the flaw lies in a third-party component (WIBU Systems CodeMeter Runtime) bundled with Siemens products, it highlights the importance of software supply chain security and timely patching. Defenders should prioritize applying the Siemens update to affected Desigo CC and SENTRON Powermanager installations. Code execution within industrial control systems can cause significant disruption or damage, which makes this vulnerability a high priority.