CVE-2023-28829
Published: 13 June 2023
Summary
CVE-2023-28829 is a low-severity Use of Obsolete Function (CWE-477) vulnerability in Siemens Simatic Pcs 7. Its CVSS base score is 3.9 (Low).
Operationally, ranked at the 28.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-32461
Vulnerability details
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC…
more
(All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Institutionalized information sharing keeps developers aware of obsolete functions and the need to replace them with supported alternatives.
Regular reassessment flags use of obsolete functions whose security properties have degraded or whose replacements contain fixes for known weaknesses.
Eliminates reliance on functions or components explicitly declared obsolete and unsupported by their maintainers.
Software and firmware updates replace obsolete functions whose retained presence leaves systems exposed to publicly known weaknesses.