Lucene search

SiemensCVELIST:CVE-2022-27194

HistoryApr 12, 2022 - 9:07 a.m.

CVE-2022-27194

2022-04-1209:07:59

CWE-400

siemens

www.cve.org

vulnerability

simatic pcs neo

sinetplan

tia portal

denial-of-service

remote attacker

port 8888/tcp

manual restart

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.

CNA Affected

[
  {
    "product": "SIMATIC PCS neo (Administration Console)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.1 SP1"
      }
    ]
  },
  {
    "product": "SINETPLAN",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "TIA Portal",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "V15, V15.1, V16 and V17"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf