Lucene search

SiemensCVELIST:CVE-2022-47374

HistoryDec 12, 2023 - 11:25 a.m.

CVE-2022-47374

2023-12-1211:25:31

CWE-674

siemens

www.cve.org

vulnerability

simatic

sinamics

denial of service

http

web server

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.

This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC PC-Station Plus",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 412-2 PN V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SINAMICS S120 (incl. SIPLUS variants)",
    "versions": [
      {
        "version": "All versions < V5.2 SP3 HF15",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVELIST:CVE-2022-47374