How severe is CVE-2023-48364?

This vulnerability has a severity rating of HIGH with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-48364?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2023-48364 - HIGH Severity | CVSS 6.5

Vulnerability Description

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.

Related Vulnerabilities

CVE-2011-1802

MEDIUM

CVSS:6.5(Medium)

WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).

CWE-4762011

CVE-2011-2691

MEDIUM

CVSS:6.5(Medium)

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empt...

CWE-4762011

CVE-2015-8272

MEDIUM

CVSS:6.5(Medium)

RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

CWE-4762015

CVE-2015-8750

MEDIUM

CVSS:6.5(Medium)

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.

CWE-4762015

CVE-2015-8916

MEDIUM

CVSS:6.5(Medium)

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NUL...

CWE-4762015

CVE-2016-10505

MEDIUM

CVSS:6.5(Medium)

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in ...

CWE-4762016