Lucene search
HistoryOct 11, 2022 - 11:15 a.m.
CVE-2022-40227
cve-2022-40227
simatic
hmi comfort panels
ktp mobile panels
denial of service
tcp
vulnerability
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
56.1%
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.
Affected configurations
Node
siemenssimatic_hmi_comfort_panels_firmwareRange<17.0
ORsiemenssimatic_hmi_comfort_panels_firmwareMatch17.0-
ORsiemenssimatic_hmi_comfort_panels_firmwareMatch17.0update1
ORsiemenssimatic_hmi_comfort_panels_firmwareMatch17.0update2
ORsiemenssimatic_hmi_comfort_panels_firmwareMatch17.0update3
siemenssimatic_hmi_comfort_panelsMatch-
Node
siemenssimatic_hmi_ktp400_basic_firmwareRange<17.0
ORsiemenssimatic_hmi_ktp400_basic_firmwareMatch17.0-
ORsiemenssimatic_hmi_ktp400_basic_firmwareMatch17.0udpate1
ORsiemenssimatic_hmi_ktp400_basic_firmwareMatch17.0update2
ORsiemenssimatic_hmi_ktp400_basic_firmwareMatch17.0update3
ORsiemenssimatic_hmi_ktp400_basic_firmwareMatch17.0update4
siemenssimatic_hmi_ktp400_basicMatch-
Node
siemenssimatic_hmi_ktp700_basic_firmwareRange<17.0
ORsiemenssimatic_hmi_ktp700_basic_firmwareMatch17.0-
ORsiemenssimatic_hmi_ktp700_basic_firmwareMatch17.0udpate1
ORsiemenssimatic_hmi_ktp700_basic_firmwareMatch17.0update2
ORsiemenssimatic_hmi_ktp700_basic_firmwareMatch17.0update3
ORsiemenssimatic_hmi_ktp700_basic_firmwareMatch17.0update4
siemenssimatic_hmi_ktp700_basicMatch-
Node
siemenssimatic_hmi_ktp900_basic_firmwareRange<17.0
ORsiemenssimatic_hmi_ktp900_basic_firmwareMatch17.0-
ORsiemenssimatic_hmi_ktp900_basic_firmwareMatch17.0udpate1
ORsiemenssimatic_hmi_ktp900_basic_firmwareMatch17.0update2
ORsiemenssimatic_hmi_ktp900_basic_firmwareMatch17.0update3
ORsiemenssimatic_hmi_ktp900_basic_firmwareMatch17.0update4
siemenssimatic_hmi_ktp900_basicMatch-
Node
siemenssimatic_hmi_ktp1200_basic_firmwareRange<17.0
ORsiemenssimatic_hmi_ktp1200_basic_firmwareMatch17.0-
ORsiemenssimatic_hmi_ktp1200_basic_firmwareMatch17.0udpate1
ORsiemenssimatic_hmi_ktp1200_basic_firmwareMatch17.0update2
ORsiemenssimatic_hmi_ktp1200_basic_firmwareMatch17.0update3
ORsiemenssimatic_hmi_ktp1200_basic_firmwareMatch17.0update4
siemenssimatic_hmi_ktp1200_basicMatch-
Node
siemenssimatic_hmi_ktp_mobile_panels_firmwareRange<17.0
ORsiemenssimatic_hmi_ktp_mobile_panels_firmwareMatch17.0-
ORsiemenssimatic_hmi_ktp_mobile_panels_firmwareMatch17.0udpate1
ORsiemenssimatic_hmi_ktp_mobile_panels_firmwareMatch17.0update2
ORsiemenssimatic_hmi_ktp_mobile_panels_firmwareMatch17.0update3
siemenssimatic_hmi_ktp_mobile_panelsMatch-
Node
siemenssiplus_hmi_ktp400_basic_firmwareRange<17.0
ORsiemenssiplus_hmi_ktp400_basic_firmwareMatch17.0-
ORsiemenssiplus_hmi_ktp400_basic_firmwareMatch17.0udpate1
ORsiemenssiplus_hmi_ktp400_basic_firmwareMatch17.0update2
ORsiemenssiplus_hmi_ktp400_basic_firmwareMatch17.0update3
ORsiemenssiplus_hmi_ktp400_basic_firmwareMatch17.0update4
siemenssiplus_hmi_ktp400_basicMatch-
Node
siemenssiplus_hmi_ktp700_basic_firmwareRange<17.0
ORsiemenssiplus_hmi_ktp700_basic_firmwareMatch17.0-
ORsiemenssiplus_hmi_ktp700_basic_firmwareMatch17.0udpate1
ORsiemenssiplus_hmi_ktp700_basic_firmwareMatch17.0update2
ORsiemenssiplus_hmi_ktp700_basic_firmwareMatch17.0update3
ORsiemenssiplus_hmi_ktp700_basic_firmwareMatch17.0update4
siemenssiplus_hmi_ktp700_basicMatch-
Node
siemenssiplus_hmi_ktp900_basic_firmwareRange<17.0
ORsiemenssiplus_hmi_ktp900_basic_firmwareMatch17.0-
ORsiemenssiplus_hmi_ktp900_basic_firmwareMatch17.0udpate1
ORsiemenssiplus_hmi_ktp900_basic_firmwareMatch17.0update2
ORsiemenssiplus_hmi_ktp900_basic_firmwareMatch17.0update3
ORsiemenssiplus_hmi_ktp900_basic_firmwareMatch17.0update4
siemenssiplus_hmi_ktp900_basicMatch-
Node
siemenssiplus_hmi_ktp1200_basic_firmwareRange<17.0
ORsiemenssiplus_hmi_ktp1200_basic_firmwareMatch17.0-
ORsiemenssiplus_hmi_ktp1200_basic_firmwareMatch17.0udpate1
ORsiemenssiplus_hmi_ktp1200_basic_firmwareMatch17.0update2
ORsiemenssiplus_hmi_ktp1200_basic_firmwareMatch17.0update3
ORsiemenssiplus_hmi_ktp1200_basic_firmwareMatch17.0update4
siemenssiplus_hmi_ktp1200_basicMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| siemens:simatic_hmi_comfort_panels_firmware | siemens simatic hmi comfort panels firmware | lt | 17.0 |
CNA Affected
[
{
"vendor": "Siemens",
"product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
"versions": [
{
"version": "All versions < V17 Update 4",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC HMI KTP Mobile Panels",
"versions": [
{
"version": "All versions < V17 Update 4",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC HMI KTP1200 Basic",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC HMI KTP400 Basic",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC HMI KTP700 Basic",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIMATIC HMI KTP900 Basic",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIPLUS HMI KTP1200 BASIC",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIPLUS HMI KTP400 BASIC",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIPLUS HMI KTP700 BASIC",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
},
{
"vendor": "Siemens",
"product": "SIPLUS HMI KTP900 BASIC",
"versions": [
{
"version": "All versions < V17 Update 5",
"status": "affected"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2022-40227
2022-10-11 11:15:10
prion
prion
Design/Logic Flaw
2022-10-11 11:15:00
cvelist
cvelist
CVE-2022-40227
2022-10-11 00:00:00
cnvd
cnvd
Multiple Siemens Products Input Validation Error Vulnerability
2022-10-13 00:00:00
ics
ics
Siemens SIMATIC HMI Panels
2022-10-13 12:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
56.1%
Related for CVE-2022-40227