Lucene search

[email protected]NVD:CVE-2022-47375

HistoryDec 12, 2023 - 12:15 p.m.

CVE-2022-47375

2023-12-1212:15:10

CWE-119

CWE-805

[email protected]

web.nvd.nist.gov

simatic

s7-400

buffer overflow

denial of service

long file names

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly.

This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

Affected configurations

NVD

Node

siemens6es7412-2ek07-0ab0_firmware

AND

siemens6es7412-2ek07-0ab0Match-

Node

siemens6es7414-3em07-0ab0_firmware

AND

siemens6es7414-3em07-0ab0Match-

Node

siemens6es7414-3fm07-0ab0_firmware

AND

siemens6es7414-3fm07-0ab0Match-

Node

siemens6es7416-3es07-0ab0_firmware

AND

siemens6es7416-3es07-0ab0Match-

Node

siemens6es7416-3fs07-0ab0_firmware

AND

siemens6es7416-3fs07-0ab0Match-

Node

siemens6ag1414-3em07-7ab0_firmware

AND

siemens6ag1414-3em07-7ab0Match-

Node

siemens6ag1416-3es07-7ab0_firmware

AND

siemens6ag1416-3es07-7ab0Match-

Node

siemenssinamics_s120_firmwareMatch-

siemenssinamics_s120_firmwareMatch4.7

siemenssinamics_s120_firmwareMatch4.8

siemenssinamics_s120_firmwareMatch4.9

siemenssinamics_s120_firmwareMatch5.0

siemenssinamics_s120_firmwareMatch5.1sp1

siemenssinamics_s120_firmwareMatch5.1sp1_hotfix1

siemenssinamics_s120_firmwareMatch5.1sp1_hotfix13

siemenssinamics_s120_firmwareMatch5.2-

siemenssinamics_s120_firmwareMatch5.2hotfix1

siemenssinamics_s120_firmwareMatch5.2hotfix11

siemenssinamics_s120_firmwareMatch5.2hotfix7

siemenssinamics_s120_firmwareMatch5.2sp3

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix1

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix13

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix6

siemenssinamics_s120_firmwareMatch5.2sp3_hotfix9

AND

siemenssinamics_s120Match-

Node

siemenssimatic_pc-station_plus_firmware

AND

siemenssimatic_pc-station_plusMatch-

References

cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2022-47375

cve1 nessus1 cvelist1 prion1 cnvd1 ics1