Lucene search

[email protected]CVE-2022-47374

HistoryDec 12, 2023 - 12:15 p.m.

CVE-2022-47374

2023-12-1212:15:10

CWE-674

[email protected]

web.nvd.nist.gov

cve-2022-47374

vulnerability

siemens

simatic

sinamics

dos attack

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.

This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

Affected configurations

NVD

Node

siemens6es7412-2ek07-0ab0Match-

AND

siemens6es7412-2ek07-0ab0_firmware

Node

siemens6es7414-3em07-0ab0Match-

AND

siemens6es7414-3em07-0ab0_firmware

Node

siemens6es7414-3fm07-0ab0Match-

AND

siemens6es7414-3fm07-0ab0_firmware

Node

siemens6es7416-3es07-0ab0Match-

AND

siemens6es7416-3es07-0ab0_firmware

Node

siemens6es7416-3fs07-0ab0Match-

AND

siemens6es7416-3fs07-0ab0_firmware

Node

siemens6ag1414-3em07-7ab0Match-

AND

siemens6ag1414-3em07-7ab0_firmware

Node

siemens6ag1416-3es07-7ab0Match-

AND

siemens6ag1416-3es07-7ab0_firmware

Node

siemenssinamics_s120Match-

AND

siemenssinamics_s120_firmwareMatch-

siemenssinamics_s120_firmwareMatch4.7

siemenssinamics_s120_firmwareMatch4.8

siemenssinamics_s120_firmwareMatch4.9

siemenssinamics_s120_firmwareMatch5.0

siemenssinamics_s120_firmwareMatch5.1sp1

siemenssinamics_s120_firmwareMatch5.1sp1_hotfix1

siemenssinamics_s120_firmwareMatch5.1sp1_hotfix13

siemenssinamics_s120_firmwareMatch5.2-

siemenssinamics_s120_firmwareMatch5.2hotfix1

siemenssinamics_s120_firmwareMatch5.2hotfix11

siemenssinamics_s120_firmwareMatch5.2hotfix7

siemenssinamics_s120_firmwareMatch5.2sp3

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix1

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix13

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix6

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix9

Node

siemenssimatic_pc-station_plus_firmware

AND

siemenssimatic_pc-station_plusMatch-

CPENameOperatorVersion
siemens:6es7412-2ek07-0ab0_firmwaresiemens 6es7412-2ek07-0ab0 firmwareeq*

CPE	Name	Operator	Version
siemens:6es7412-2ek07-0ab0_firmware	siemens 6es7412-2ek07-0ab0 firmware	eq	*

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC PC-Station Plus",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 412-2 PN V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SINAMICS S120 (incl. SIPLUS variants)",
    "versions": [
      {
        "version": "All versions < V5.2 SP3 HF15",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]