All the vulnerabilites related to Siemens - SIPLUS ET 200SP CP 1543SP-1 ISEC
var-202212-1313
Vulnerability from variot
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network.
A denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1313", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7-1500 cpu 1517tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1513r-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 15prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic et 200 sp open controller cpu 1515sp pc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 317-2 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1510sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515tf-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515t-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1508s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1508s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511t-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518tf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1512sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "simatic s7-1500 cpu 15pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512spf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515r-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516t-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1510sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518hf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 314", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus s7-300 cpu 315-2 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1512c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511tf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1516f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518t-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 315-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1517f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-plcsim advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp open controller cpu 1515sp pc2", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic drive controller family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" }, { "model": "simatic s7-1200 cpu family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.6.0" }, { "model": "simatic s7-1500 cpu family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.0" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" }, { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "NVD", "id": "CVE-2021-40365" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gao Jian reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2986" } ], "trust": 0.6 }, "cve": "CVE-2021-40365", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-87985", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-40365", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-020594", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2021-40365", "trust": 1.0, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2021-40365", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2021-020594", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2022-87985", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202212-2986", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" }, { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "CNNVD", "id": "CNNVD-202212-2986" }, { "db": "NVD", "id": "CVE-2021-40365" }, { "db": "NVD", "id": "CVE-2021-40365" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network. \n\r\n\r\nA denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device", "sources": [ { "db": "NVD", "id": "CVE-2021-40365" }, { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "CNVD", "id": "CNVD-2022-87985" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-40365", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-382653", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-22-349-03", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-020594", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-87985", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202212-2986", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" }, { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "CNNVD", "id": "CNNVD-202212-2986" }, { "db": "NVD", "id": "CVE-2021-40365" } ] }, "id": "VAR-202212-1313", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" } ], "trust": 1.306162763125 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" } ] }, "last_update_date": "2024-08-14T12:16:09.047000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Product Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/372391" }, { "title": "Siemens SIMATIC Drive Controller Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=232929" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" }, { "db": "CNNVD", "id": "CNNVD-202212-2986" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Inappropriate input confirmation (CWE-20) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "NVD", "id": "CVE-2021-40365" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40365" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-382653.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-40365/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-four-vulnerabilities-40092" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87985" }, { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "CNNVD", "id": "CNNVD-202212-2986" }, { "db": "NVD", "id": "CVE-2021-40365" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87985" }, { "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "db": "CNNVD", "id": "CNNVD-202212-2986" }, { "db": "NVD", "id": "CVE-2021-40365" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87985" }, { "date": "2023-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2986" }, { "date": "2022-12-13T16:15:14.650000", "db": "NVD", "id": "CVE-2021-40365" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87985" }, { "date": "2023-11-29T01:35:00", "db": "JVNDB", "id": "JVNDB-2021-020594" }, { "date": "2023-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2986" }, { "date": "2023-09-12T10:15:08.130000", "db": "NVD", "id": "CVE-2021-40365" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2986" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020594" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2986" } ], "trust": 0.6 } }
var-202110-1670
Vulnerability from variot
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. strongSwan Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-5111-1 October 19, 2021
strongswan vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in strongSwan.
Software Description: - strongswan: IPsec VPN solution
Details:
It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2021-41990)
It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-41991)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libstrongswan 5.9.1-1ubuntu3.1 strongswan 5.9.1-1ubuntu3.1
Ubuntu 21.04: libstrongswan 5.9.1-1ubuntu1.2 strongswan 5.9.1-1ubuntu1.2
Ubuntu 20.04 LTS: libstrongswan 5.8.2-1ubuntu3.3 strongswan 5.8.2-1ubuntu3.3
Ubuntu 18.04 LTS: libstrongswan 5.6.2-1ubuntu2.7 strongswan 5.6.2-1ubuntu2.7
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5111-1 CVE-2021-41990, CVE-2021-41991
Package Information: https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.1 https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu1.2 https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.3 https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.7 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4989-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez October 18, 2021 https://www.debian.org/security/faq
Package : strongswan CVE ID : CVE-2021-41990 CVE-2021-41991
Researchers at the United States of America National Security Agency (NSA) identified two denial of services vulnerability in strongSwan, an IKE/IPsec suite.
CVE-2021-41990
RSASSA-PSS signatures whose parameters define a very high salt length can
trigger an integer overflow that can lead to a segmentation fault.
Generating a signature that bypasses the padding check to trigger the crash
requires access to the private key that signed the certificate. However,
the certificate does not have to be trusted. Because the gmp and the
openssl plugins both check if a parsed certificate is self-signed (and the
signature is valid), this can e.g. be triggered by an unrelated
self-signed CA certificate sent by an initiator. Depending on the generated random value, this could
lead to an integer overflow that results in a double-dereference and a call
using out-of-bounds memory that most likely leads to a segmentation fault.
Remote code execution can't be ruled out completely, but attackers have no
control over the dereferenced memory, so it seems unlikely at this point.
For the oldstable distribution (buster), these problems have been fixed in version 5.7.2-1+deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 5.9.1-1+deb11u1.
We recommend that you upgrade your strongswan packages.
For the detailed security status of strongswan please refer to its security tracker page at: https://security-tracker.debian.org/tracker/strongswan
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmFtyAUACgkQ3rYcyPpX RFudiwf+NNcRRRJychLI5ycMKVxkr2tEAJDeVZjv966YBM1tXnCtROydXf5Zip2M dn/EYO71uuT5FKhs8tJyx5iv2bFcrvyqQQo6DFQvXZHR0+9U+MHcR9qB7JJDM4nK +JXOEmAv3akCFhiP6jMx5B6jRWR1e4MOwxmgrgGu/nwy2cYBQPI43qPTrXi3Fcnv eSgeyLqyZNLmaGmj8jQfTnc8bdVF5xAs6mHhVqNJxQCdouG9b4/S6AxJsl3IMxyF WZhtCNUvhHH8wz0lZVElR3Qs6fUu0phKdlT9kBv/o6fP3ceiYOCEh8SqBgYU3hQL xyB0uP4EcSR70TvKZMB2jV/tGG1A8w== =/Xvi -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-08
https://security.gentoo.org/
Severity: Normal Title: strongSwan: Multiple Vulnerabilities Date: May 04, 2024 Bugs: #818841, #832460, #878887, #899964 ID: 202405-08
Synopsis
Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution.
Background
strongSwan is an IPSec implementation for Linux.
Affected packages
Package Vulnerable Unaffected
net-vpn/strongswan < 5.9.10 >= 5.9.10
Description
Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All strongSwan users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.10"
References
[ 1 ] CVE-2021-41991 https://nvd.nist.gov/vuln/detail/CVE-2021-41991 [ 2 ] CVE-2021-45079 https://nvd.nist.gov/vuln/detail/CVE-2021-45079 [ 3 ] CVE-2022-40617 https://nvd.nist.gov/vuln/detail/CVE-2022-40617 [ 4 ] CVE-2023-26463 https://nvd.nist.gov/vuln/detail/CVE-2023-26463
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1670", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "siplus net cp 1543-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance sc636-2c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance sc622-2c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "strongswan", "scope": "lt", "trust": 1.0, "vendor": "strongswan", "version": "5.9.4" }, { "model": "simatic net cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "simatic net cp1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic cp 1243-7 lte\\/us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "scalance sc642-2c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "cp 1543-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic net cp 1545-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "sinema remote connect server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance sc632-2c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance sc646-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "strongswan", "scope": "gte", "trust": 1.0, "vendor": "strongswan", "version": "4.2.10" }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "strongswan", "scope": null, "trust": 0.8, "vendor": "strongswan", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "NVD", "id": "CVE-2021-41991" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu", "sources": [ { "db": "PACKETSTORM", "id": "164558" }, { "db": "PACKETSTORM", "id": "164554" } ], "trust": 0.2 }, "cve": "CVE-2021-41991", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-41991", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-403107", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-41991", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-41991", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-41991", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-41991", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202110-1214", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-403107", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-41991", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-403107" }, { "db": "VULMON", "id": "CVE-2021-41991" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "CNNVD", "id": "CNNVD-202110-1214" }, { "db": "NVD", "id": "CVE-2021-41991" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. strongSwan Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. ==========================================================================\nUbuntu Security Notice USN-5111-1\nOctober 19, 2021\n\nstrongswan vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in strongSwan. \n\nSoftware Description:\n- strongswan: IPsec VPN solution\n\nDetails:\n\nIt was discovered that strongSwan incorrectly handled certain RSASSA-PSS\nsignatures. A remote attacker could use this issue to cause strongSwan to\ncrash, resulting in a denial of service. (CVE-2021-41990)\n\nIt was discovered that strongSwan incorrectly handled replacing\ncertificates in the cache. A remote attacker could use this issue to cause\nstrongSwan to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2021-41991)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libstrongswan 5.9.1-1ubuntu3.1\n strongswan 5.9.1-1ubuntu3.1\n\nUbuntu 21.04:\n libstrongswan 5.9.1-1ubuntu1.2\n strongswan 5.9.1-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n libstrongswan 5.8.2-1ubuntu3.3\n strongswan 5.8.2-1ubuntu3.3\n\nUbuntu 18.04 LTS:\n libstrongswan 5.6.2-1ubuntu2.7\n strongswan 5.6.2-1ubuntu2.7\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5111-1\n CVE-2021-41990, CVE-2021-41991\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.1\n https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu1.2\n https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.3\n https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.7\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4989-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nOctober 18, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : strongswan\nCVE ID : CVE-2021-41990 CVE-2021-41991\n\nResearchers at the United States of America National Security Agency (NSA)\nidentified two denial of services vulnerability in strongSwan, an IKE/IPsec\nsuite. \n\nCVE-2021-41990\n\n RSASSA-PSS signatures whose parameters define a very high salt length can\n trigger an integer overflow that can lead to a segmentation fault. \n Generating a signature that bypasses the padding check to trigger the crash\n requires access to the private key that signed the certificate. However,\n the certificate does not have to be trusted. Because the gmp and the\n openssl plugins both check if a parsed certificate is self-signed (and the\n signature is valid), this can e.g. be triggered by an unrelated\n self-signed CA certificate sent by an initiator. Depending on the generated random value, this could\n lead to an integer overflow that results in a double-dereference and a call\n using out-of-bounds memory that most likely leads to a segmentation fault. \n Remote code execution can\u0027t be ruled out completely, but attackers have no\n control over the dereferenced memory, so it seems unlikely at this point. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 5.7.2-1+deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.9.1-1+deb11u1. \n\nWe recommend that you upgrade your strongswan packages. \n\nFor the detailed security status of strongswan please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/strongswan\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmFtyAUACgkQ3rYcyPpX\nRFudiwf+NNcRRRJychLI5ycMKVxkr2tEAJDeVZjv966YBM1tXnCtROydXf5Zip2M\ndn/EYO71uuT5FKhs8tJyx5iv2bFcrvyqQQo6DFQvXZHR0+9U+MHcR9qB7JJDM4nK\n+JXOEmAv3akCFhiP6jMx5B6jRWR1e4MOwxmgrgGu/nwy2cYBQPI43qPTrXi3Fcnv\neSgeyLqyZNLmaGmj8jQfTnc8bdVF5xAs6mHhVqNJxQCdouG9b4/S6AxJsl3IMxyF\nWZhtCNUvhHH8wz0lZVElR3Qs6fUu0phKdlT9kBv/o6fP3ceiYOCEh8SqBgYU3hQL\nxyB0uP4EcSR70TvKZMB2jV/tGG1A8w==\n=/Xvi\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202405-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: strongSwan: Multiple Vulnerabilities\n Date: May 04, 2024\n Bugs: #818841, #832460, #878887, #899964\n ID: 202405-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in strongSwan, the worst\nof which could possibly lead to remote code execution. \n\nBackground\n=========\nstrongSwan is an IPSec implementation for Linux. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n------------------ ------------ ------------\nnet-vpn/strongswan \u003c 5.9.10 \u003e= 5.9.10\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in strongSwan. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll strongSwan users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-vpn/strongswan-5.9.10\"\n\nReferences\n=========\n[ 1 ] CVE-2021-41991\n https://nvd.nist.gov/vuln/detail/CVE-2021-41991\n[ 2 ] CVE-2021-45079\n https://nvd.nist.gov/vuln/detail/CVE-2021-45079\n[ 3 ] CVE-2022-40617\n https://nvd.nist.gov/vuln/detail/CVE-2022-40617\n[ 4 ] CVE-2023-26463\n https://nvd.nist.gov/vuln/detail/CVE-2023-26463\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202405-08\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2021-41991" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "VULHUB", "id": "VHN-403107" }, { "db": "VULMON", "id": "CVE-2021-41991" }, { "db": "PACKETSTORM", "id": "164558" }, { "db": "PACKETSTORM", "id": "164554" }, { "db": "PACKETSTORM", "id": "169143" }, { "db": "PACKETSTORM", "id": "178454" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-41991", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-539476", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98748974", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-007493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164558", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164554", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021101947", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3463", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3488", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202110-1214", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-403107", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-41991", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169143", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "178454", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-403107" }, { "db": "VULMON", "id": "CVE-2021-41991" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "PACKETSTORM", "id": "164558" }, { "db": "PACKETSTORM", "id": "164554" }, { "db": "PACKETSTORM", "id": "169143" }, { "db": "PACKETSTORM", "id": "178454" }, { "db": "CNNVD", "id": "CNNVD-202110-1214" }, { "db": "NVD", "id": "CVE-2021-41991" } ] }, "id": "VAR-202110-1670", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-403107" } ], "trust": 0.7521640566666667 }, "last_update_date": "2024-11-23T20:22:32.248000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "strongSwan\u00a0Vulnerability\u00a0(CVE-2021-41991)", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html" }, { "title": "strongSwan Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166640" }, { "title": "Debian Security Advisories: DSA-4989-1 strongswan -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35fdad388753f5d88f528a33acdb09b3" }, { "title": "Red Hat: CVE-2021-41991", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-41991" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-41991 log" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-41991" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "CNNVD", "id": "CNNVD-202110-1214" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-403107" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "NVD", "id": "CVE-2021-41991" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.debian.org/security/2021/dsa-4989" }, { "trust": 1.8, "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html" }, { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41991" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf" }, { "trust": 1.1, "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wqsq3bec22nf4ncdzvct4p3q2ziajxgj/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3tq32jljobjdb2ejksx2pbpb5nfg2d4/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5fjsatd2r2xhtg4p63gcmq2n7ewkmme5/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98748974/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5fjsatd2r2xhtg4p63gcmq2n7ewkmme5/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3tq32jljobjdb2ejksx2pbpb5nfg2d4/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wqsq3bec22nf4ncdzvct4p3q2ziajxgj/" }, { "trust": 0.7, "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-41991" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/strongswan-integer-overflow-via-in-memory-certificate-cache-36667" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3463" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164558/ubuntu-security-notice-usn-5111-2.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101947" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3488" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164554/ubuntu-security-notice-usn-5111-1.html" }, { "trust": 0.2, "url": "https://ubuntu.com/security/notices/usn-5111-1" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41990" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/190.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5111-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.7" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/strongswan" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45079" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202405-08" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40617" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26463" } ], "sources": [ { "db": "VULHUB", "id": "VHN-403107" }, { "db": "VULMON", "id": "CVE-2021-41991" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "PACKETSTORM", "id": "164558" }, { "db": "PACKETSTORM", "id": "164554" }, { "db": "PACKETSTORM", "id": "169143" }, { "db": "PACKETSTORM", "id": "178454" }, { "db": "CNNVD", "id": "CNNVD-202110-1214" }, { "db": "NVD", "id": "CVE-2021-41991" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-403107" }, { "db": "VULMON", "id": "CVE-2021-41991" }, { "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "db": "PACKETSTORM", "id": "164558" }, { "db": "PACKETSTORM", "id": "164554" }, { "db": "PACKETSTORM", "id": "169143" }, { "db": "PACKETSTORM", "id": "178454" }, { "db": "CNNVD", "id": "CNNVD-202110-1214" }, { "db": "NVD", "id": "CVE-2021-41991" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-10-18T00:00:00", "db": "VULHUB", "id": "VHN-403107" }, { "date": "2021-10-18T00:00:00", "db": "VULMON", "id": "CVE-2021-41991" }, { "date": "2022-02-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "date": "2021-10-20T15:43:57", "db": "PACKETSTORM", "id": "164558" }, { "date": "2021-10-19T15:31:42", "db": "PACKETSTORM", "id": "164554" }, { "date": "2021-10-28T19:12:00", "db": "PACKETSTORM", "id": "169143" }, { "date": "2024-05-06T13:54:27", "db": "PACKETSTORM", "id": "178454" }, { "date": "2021-10-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202110-1214" }, { "date": "2021-10-18T14:15:10.333000", "db": "NVD", "id": "CVE-2021-41991" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-12T00:00:00", "db": "VULHUB", "id": "VHN-403107" }, { "date": "2021-10-21T00:00:00", "db": "VULMON", "id": "CVE-2021-41991" }, { "date": "2022-02-15T00:53:00", "db": "JVNDB", "id": "JVNDB-2021-007493" }, { "date": "2022-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202110-1214" }, { "date": "2024-11-21T06:27:02.090000", "db": "NVD", "id": "CVE-2021-41991" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "164558" }, { "db": "PACKETSTORM", "id": "164554" }, { "db": "PACKETSTORM", "id": "178454" }, { "db": "CNNVD", "id": "CNNVD-202110-1214" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "strongSwan\u00a0 Integer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-007493" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202110-1214" } ], "trust": 0.6 } }
var-202304-0702
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software of Siemens (Siemens) in Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0702", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus net cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagbase", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 dnp3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-8 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte us", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 iec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte eu", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "siplus net cp advanced \u003cv3.3l", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "cve": "CVE-2022-43716", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-35756", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-43716", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-022093", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-43716", "trust": 1.0, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2022-43716", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-022093", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-35756", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-727", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software of Siemens (Siemens) in Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol", "sources": [ { "db": "NVD", "id": "CVE-2022-43716" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNVD", "id": "CNVD-2023-35756" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43716", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-566905", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-139628", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-103-10", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022093", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-35756", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2159", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-727", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "id": "VAR-202304-0702", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" } ], "trust": 1.3845387558333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" } ] }, "last_update_date": "2024-09-10T21:39:02.572000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerability in Several Siemens Products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/424641" }, { "title": "Siemens SIMATIC CP443-1 OPC UA9 Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233080" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "CNNVD", "id": "CNNVD-202304-727" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43716" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2159" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43716/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-35756" }, { "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "db": "CNNVD", "id": "CNNVD-202304-727" }, { "db": "NVD", "id": "CVE-2022-43716" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35756" }, { "date": "2023-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-727" }, { "date": "2023-04-11T10:15:17.467000", "db": "NVD", "id": "CVE-2022-43716" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35756" }, { "date": "2023-11-15T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-022093" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-727" }, { "date": "2024-09-10T10:15:04.627000", "db": "NVD", "id": "CVE-2022-43716" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-727" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use of Freed Memory Vulnerability in Multiple Siemens Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022093" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-727" } ], "trust": 0.6 } }
var-202212-1314
Vulnerability from variot
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, contain vulnerabilities related to syntactic validation of input.Service operation interruption (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network.
A denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1314", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7-1500 cpu 1517tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1513r-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 15prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic et 200 sp open controller cpu 1515sp pc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 317-2 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1510sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515tf-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515t-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1508s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1508s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511t-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518tf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1512sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "simatic s7-1500 cpu 15pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512spf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515r-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516t-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1510sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518hf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 314", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus s7-300 cpu 315-2 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1512c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511tf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1516f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518t-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 315-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1517f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-plcsim advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp open controller cpu 1515sp pc2", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic drive controller family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" }, { "model": "simatic s7-1200 cpu family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.6.0" }, { "model": "simatic s7-1500 cpu family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.0" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" }, { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "NVD", "id": "CVE-2021-44695" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gao Jian reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2987" } ], "trust": 0.6 }, "cve": "CVE-2021-44695", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-87982", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2021-44695", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-44695", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-020591", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2021-44695", "trust": 1.0, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2021-44695", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2021-020591", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-87982", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202212-2987", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" }, { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "CNNVD", "id": "CNNVD-202212-2987" }, { "db": "NVD", "id": "CVE-2021-44695" }, { "db": "NVD", "id": "CVE-2021-44695" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, contain vulnerabilities related to syntactic validation of input.Service operation interruption (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network. \n\r\n\r\nA denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device", "sources": [ { "db": "NVD", "id": "CVE-2021-44695" }, { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "CNVD", "id": "CNVD-2022-87982" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44695", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-382653", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-22-349-03", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-020591", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-87982", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202212-2987", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" }, { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "CNNVD", "id": "CNNVD-202212-2987" }, { "db": "NVD", "id": "CVE-2021-44695" } ] }, "id": "VAR-202212-1314", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" } ], "trust": 1.306162763125 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" } ] }, "last_update_date": "2024-08-14T12:09:38.559000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/372486" }, { "title": "Siemens SIMATIC Drive Controller Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=245496" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" }, { "db": "CNNVD", "id": "CNNVD-202212-2987" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1286", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Improper validation of syntactic correctness of input (CWE-1286) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "NVD", "id": "CVE-2021-44695" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44695" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-382653.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-44695/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-four-vulnerabilities-40092" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87982" }, { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "CNNVD", "id": "CNNVD-202212-2987" }, { "db": "NVD", "id": "CVE-2021-44695" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87982" }, { "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "db": "CNNVD", "id": "CNNVD-202212-2987" }, { "db": "NVD", "id": "CVE-2021-44695" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87982" }, { "date": "2023-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2987" }, { "date": "2022-12-13T16:15:14.907000", "db": "NVD", "id": "CVE-2021-44695" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87982" }, { "date": "2023-11-29T01:29:00", "db": "JVNDB", "id": "JVNDB-2021-020591" }, { "date": "2023-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2987" }, { "date": "2023-09-12T10:15:14.650000", "db": "NVD", "id": "CVE-2021-44695" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2987" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input syntactic validity validation vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020591" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2987" } ], "trust": 0.6 } }
var-202207-0622
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0622", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-904" } ], "trust": 0.6 }, "cve": "CVE-2022-34819", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34819", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2022-51636", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-34819", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-34819", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34819", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-51636", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-904", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2022-34819", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34819" }, { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "NVD", "id": "CVE-2022-34819", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51636", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-904", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34819", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "id": "VAR-202207-0622", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" } ], "trust": 1.3950221799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" } ] }, "last_update_date": "2024-08-14T12:14:15.137000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/339686" }, { "title": "Multiple Siemens Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228950" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "CNNVD", "id": "CNNVD-202207-904" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34819" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34819/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/122.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51636" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34819" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-904" }, { "date": "2022-07-12T10:15:12.293000", "db": "NVD", "id": "CVE-2022-34819" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51636" }, { "date": "2023-03-14T00:00:00", "db": "VULMON", "id": "CVE-2022-34819" }, { "date": "2023-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-904" }, { "date": "2023-03-14T10:15:21.217000", "db": "NVD", "id": "CVE-2022-34819" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-904" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-904" } ], "trust": 0.6 } }
var-202212-1312
Vulnerability from variot
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, are vulnerable to improper validation of specified types of input.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network.
A denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1312", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7-1500 cpu 1517tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1513r-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 15prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic et 200 sp open controller cpu 1515sp pc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1510sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515tf-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515t-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1508s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1508s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511t-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518tf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1512sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "simatic s7-1500 cpu 15pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512spf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515r-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516t-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1510sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518hf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511tf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1516f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518t-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1517f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-plcsim advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic et 200sp open controller cpu 1515sp pc2", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic drive controller family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" }, { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "NVD", "id": "CVE-2021-44694" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gao Jian reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2985" } ], "trust": 0.6 }, "cve": "CVE-2021-44694", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-87983", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2021-44694", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-44694", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-020592", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2021-44694", "trust": 1.0, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2021-44694", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2021-020592", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-87983", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202212-2985", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" }, { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "CNNVD", "id": "CNNVD-202212-2985" }, { "db": "NVD", "id": "CVE-2021-44694" }, { "db": "NVD", "id": "CVE-2021-44694" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, are vulnerable to improper validation of specified types of input.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network. \n\r\n\r\nA denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device", "sources": [ { "db": "NVD", "id": "CVE-2021-44694" }, { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "CNVD", "id": "CNVD-2022-87983" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44694", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-382653", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-22-349-03", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-020592", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-87983", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202212-2985", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" }, { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "CNNVD", "id": "CNNVD-202212-2985" }, { "db": "NVD", "id": "CVE-2021-44694" } ] }, "id": "VAR-202212-1312", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" } ], "trust": 1.2655165527272727 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" } ] }, "last_update_date": "2024-08-14T12:47:24.800000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87983)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/372471" }, { "title": "Siemens SIMATIC Drive Controller Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=245495" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" }, { "db": "CNNVD", "id": "CNNVD-202212-2985" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1287", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Improper validation for input of specified type (CWE-1287) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "NVD", "id": "CVE-2021-44694" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44694" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-382653.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-44694/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-four-vulnerabilities-40092" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87983" }, { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "CNNVD", "id": "CNNVD-202212-2985" }, { "db": "NVD", "id": "CVE-2021-44694" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87983" }, { "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "db": "CNNVD", "id": "CNNVD-202212-2985" }, { "db": "NVD", "id": "CVE-2021-44694" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87983" }, { "date": "2023-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2985" }, { "date": "2022-12-13T16:15:14.840000", "db": "NVD", "id": "CVE-2021-44694" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87983" }, { "date": "2023-11-29T01:31:00", "db": "JVNDB", "id": "JVNDB-2021-020592" }, { "date": "2023-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2985" }, { "date": "2023-09-12T10:15:13.027000", "db": "NVD", "id": "CVE-2021-44694" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2985" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Improper validation vulnerability for specified types of input in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020592" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2985" } ], "trust": 0.6 } }
var-202304-0701
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0701", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus net cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagbase", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 dnp3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-8 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte us", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 iec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte eu", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "siplus net cp advanced \u003cv3.3l", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "cve": "CVE-2022-43768", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-35759", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-43768", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-022095", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-43768", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-022095", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-35759", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-726", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol", "sources": [ { "db": "NVD", "id": "CVE-2022-43768" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNVD", "id": "CNVD-2023-35759" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43768", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-566905", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-139628", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-103-10", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022095", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-35759", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2159", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-726", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "id": "VAR-202304-0701", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" } ], "trust": 1.3845387558333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" } ] }, "last_update_date": "2024-09-10T22:39:35.933000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerability in Several Siemens Products (CNVD-2023-35759)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/424651" }, { "title": "Siemens SIMATIC CP443-1 OPC UA9 Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233079" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "CNNVD", "id": "CNNVD-202304-726" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43768" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43768/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2159" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-35759" }, { "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "db": "CNNVD", "id": "CNNVD-202304-726" }, { "db": "NVD", "id": "CVE-2022-43768" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35759" }, { "date": "2023-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-726" }, { "date": "2023-04-11T10:15:17.617000", "db": "NVD", "id": "CVE-2022-43768" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35759" }, { "date": "2023-11-15T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-022095" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-726" }, { "date": "2024-09-10T10:15:05.020000", "db": "NVD", "id": "CVE-2022-43768" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-726" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022095" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-726" } ], "trust": 0.6 } }
var-202207-0621
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0621", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-902" } ], "trust": 0.6 }, "cve": "CVE-2022-34821", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34821", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "CNVD-2022-51634", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-34821", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "id": "CVE-2022-34821", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-34821", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34821", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-51634", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202207-902", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-34821", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions \u003c V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions \u003c V7.2), SCALANCE M804PB (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M826-2 SHDSL-Router (All versions \u003c V7.2), SCALANCE M874-2 (All versions \u003c V7.2), SCALANCE M874-3 (All versions \u003c V7.2), SCALANCE M876-3 (EVDO) (All versions \u003c V7.2), SCALANCE M876-3 (ROK) (All versions \u003c V7.2), SCALANCE M876-4 (All versions \u003c V7.2), SCALANCE M876-4 (EU) (All versions \u003c V7.2), SCALANCE M876-4 (NAM) (All versions \u003c V7.2), SCALANCE MUM853-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (RoW) (All versions \u003c V7.2), SCALANCE S615 (All versions \u003c V7.2), SCALANCE S615 EEC (All versions \u003c V7.2), SCALANCE SC622-2C (All versions \u003c V2.3), SCALANCE SC622-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC626-2C (All versions \u003c V2.3), SCALANCE SC626-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC632-2C (All versions \u003c V2.3), SCALANCE SC632-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC636-2C (All versions \u003c V2.3), SCALANCE SC636-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC642-2C (All versions \u003c V2.3), SCALANCE SC642-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC646-2C (All versions \u003c V2.3), SCALANCE SC646-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34821" }, { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-34821", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-413565", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51634", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-04", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-902", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34821", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "id": "VAR-202207-0621", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" } ], "trust": 1.3950221799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" } ] }, "last_update_date": "2024-08-14T12:05:42.870000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/339696" }, { "title": "Siemens SIMATIC Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228948" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "CNNVD", "id": "CNNVD-202207-902" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34821" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34821/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/94.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51634" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34821" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-902" }, { "date": "2022-07-12T10:15:12.393000", "db": "NVD", "id": "CVE-2022-34821" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51634" }, { "date": "2023-10-10T00:00:00", "db": "VULMON", "id": "CVE-2022-34821" }, { "date": "2023-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-902" }, { "date": "2023-10-10T11:15:10.703000", "db": "NVD", "id": "CVE-2022-34821" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-902" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-902" } ], "trust": 0.6 } }
var-202207-0620
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0620", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp 1243-7 lte eu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-7 lte us", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus net cp 1242-7 v2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1242-7 v2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-8 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 }, "cve": "CVE-2022-34820", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34820", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2022-51635", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-34820", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.7, "id": "CVE-2022-34820", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-34820", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34820", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-51635", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-903", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-34820", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34820" }, { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-34820", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51635", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-903", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34820", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "id": "VAR-202207-0620", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ], "trust": 1.3950221799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ] }, "last_update_date": "2024-08-14T12:58:52.107000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/339691" }, { "title": "Multiple Siemens SIMATIC Product Command Injection Vulnerability Fixes", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228949" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "CNNVD", "id": "CNNVD-202207-903" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "CWE-116", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34820/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/116.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51635" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34820" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-903" }, { "date": "2022-07-12T10:15:12.343000", "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51635" }, { "date": "2023-06-29T00:00:00", "db": "VULMON", "id": "CVE-2022-34820" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-903" }, { "date": "2023-06-29T15:34:19.477000", "db": "NVD", "id": "CVE-2022-34820" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 } }
var-202304-0700
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Several Siemens products, including firmware, contain vulnerabilities related to deadlock.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0700", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus net cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagbase", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.6" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 443-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 dnp3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-8 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte us", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1 advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1242-7 v2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-1 iec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus net cp 443-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1243-7 lte eu", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "simatic cp dnp3", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp iec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagbase", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1\u003cv3.3" }, { "model": "siplus net cp advanced \u003cv3.3l", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531\u003cv2.3.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "cve": "CVE-2022-43767", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-35758", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-43767", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-022094", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-43767", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-022094", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-35758", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202304-729", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. simatic cp 1242-7 v2 firmware, SIMATIC CP 1243-1 firmware, simatic cp 1243-1 dnp3 Several Siemens products, including firmware, contain vulnerabilities related to deadlock.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC IPC DiagMonitor is a set of system monitoring and fault diagnosis software from Siemens. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol", "sources": [ { "db": "NVD", "id": "CVE-2022-43767" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNVD", "id": "CNVD-2023-35758" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-43767", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-566905", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-139628", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-23-103-10", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94715153", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-022094", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-35758", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2159", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-729", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "id": "VAR-202304-0700", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" } ], "trust": 1.3845387558333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" } ] }, "last_update_date": "2024-09-10T22:24:04.730000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerability in Several Siemens Products (CNVD-2023-35758)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/424646" }, { "title": "Siemens SIMATIC CP443-1 OPC UA9 Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=233082" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "CNNVD", "id": "CNNVD-202304-729" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-833", "trust": 1.0 }, { "problemtype": "deadlock (CWE-833) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu94715153/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43767" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-43767/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2159" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-35758" }, { "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "db": "CNNVD", "id": "CNNVD-202304-729" }, { "db": "NVD", "id": "CVE-2022-43767" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35758" }, { "date": "2023-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-729" }, { "date": "2023-04-11T10:15:17.540000", "db": "NVD", "id": "CVE-2022-43767" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-10T00:00:00", "db": "CNVD", "id": "CNVD-2023-35758" }, { "date": "2023-11-15T06:20:00", "db": "JVNDB", "id": "JVNDB-2022-022094" }, { "date": "2023-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-729" }, { "date": "2024-09-10T10:15:04.850000", "db": "NVD", "id": "CVE-2022-43767" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-729" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Deadlock vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-022094" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-729" } ], "trust": 0.6 } }
var-202212-1311
Vulnerability from variot
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, contain a vulnerability related to improper validation of quantities specified in input.Service operation interruption (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network.
A denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1311", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7-1500 cpu 1517tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1513r-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 15prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513prof-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic et 200 sp open controller cpu 1515sp pc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 317-2 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1510sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515tf-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515t-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1508s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1508s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511t-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 151511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518tf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1512sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "simatic s7-1500 cpu 15pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1512spf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515r-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu cpu 1513pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516t-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1510sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518hf-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516pro-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 314", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "siplus s7-300 cpu 315-2 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1512c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1511tf-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1511c-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1513f-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517f-3 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1516f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1516tf-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518t-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 cpu 1518-4 dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1511-1 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518-4 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1518f-4 pn\\/dp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1517-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1515f-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1500 cpu 1507s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "siplus tim 1531 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6.0" }, { "model": "siplus s7-300 cpu 315-2 dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu 1517f-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1215c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-plcsim advanced", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1217c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1211c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 12 1212c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-1200 cpu 1215fc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic et 200sp open controller cpu 1515sp pc2", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic drive controller family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" }, { "model": "simatic s7-1200 cpu family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.6.0" }, { "model": "simatic s7-1500 cpu family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v3.0.1" }, { "model": "siplus tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" }, { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "NVD", "id": "CVE-2021-44693" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gao Jian reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2988" } ], "trust": 0.6 }, "cve": "CVE-2021-44693", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-87984", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2021-44693", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-44693", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 4.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-020593", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2021-44693", "trust": 1.0, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2021-44693", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2021-020593", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-87984", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202212-2988", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" }, { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "CNNVD", "id": "CNNVD-202212-2988" }, { "db": "NVD", "id": "CVE-2021-44693" }, { "db": "NVD", "id": "CVE-2021-44693" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. simatic s7-plcsim advanced firmware, SIMATIC S7-1200 CPU 1211C firmware, SIMATIC S7-1200 CPU 1212C Multiple Siemens products, including firmware, contain a vulnerability related to improper validation of quantities specified in input.Service operation interruption (DoS) It may be in a state. SIMATIC Drive Controllers are used for the automation of production machines, combining the functions of SIMATIC S7-1500 CPU and SINAMICS S120 drive control. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller including optional visualization functions and central I/O in a compact device. SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments, such as global manufacturing, food and beverage, and chemical industries. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industry. SIMATIC S7-1500 Software Controller is the SIMATIC Software Controller for PC-based automation solutions. SIMATIC S7-PLCSIM Advanced simulates S7-1200, S7-1500 and some other PLC derivatives. Includes full network access to simulated PLCs, even in virtualized environments. SIPLUS extreme products are designed to operate reliably under extreme conditions, based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products they are based on. TIM 1531 IRC is a communication module for SIMATIC S7-1500, S7-400, S7-300 and SINAUT ST7, DNP3 and IEC 60870-5-101/104, with three RJ45 interfaces for passing through IP-based networks (WAN/ LAN) and an RS 232/RS 485 interface for communication via a classic WAN network. \n\r\n\r\nA denial of service vulnerability exists in Siemens Industrial products. Attackers can exploit this vulnerability to denial of service in the device", "sources": [ { "db": "NVD", "id": "CVE-2021-44693" }, { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "CNVD", "id": "CNVD-2022-87984" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-44693", "trust": 3.8 }, { "db": "SIEMENS", "id": "SSA-382653", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-22-349-03", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-020593", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-87984", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202212-2988", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" }, { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "CNNVD", "id": "CNNVD-202212-2988" }, { "db": "NVD", "id": "CVE-2021-44693" } ] }, "id": "VAR-202212-1311", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" } ], "trust": 1.306162763125 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" } ] }, "last_update_date": "2024-08-14T12:27:23.319000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87984)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/372401" }, { "title": "Siemens SIMATIC Drive Controller Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=245497" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" }, { "db": "CNNVD", "id": "CNNVD-202212-2988" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1284", "trust": 1.0 }, { "problemtype": "Improper validation of quantity specified in input (CWE-1284) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "NVD", "id": "CVE-2021-44693" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44693" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-382653.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-44693/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-03" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-four-vulnerabilities-40092" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-87984" }, { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "CNNVD", "id": "CNNVD-202212-2988" }, { "db": "NVD", "id": "CVE-2021-44693" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-87984" }, { "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "db": "CNNVD", "id": "CNNVD-202212-2988" }, { "db": "NVD", "id": "CVE-2021-44693" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87984" }, { "date": "2023-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2988" }, { "date": "2022-12-13T16:15:14.750000", "db": "NVD", "id": "CVE-2021-44693" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2022-87984" }, { "date": "2023-11-29T01:33:00", "db": "JVNDB", "id": "JVNDB-2021-020593" }, { "date": "2023-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-2988" }, { "date": "2023-09-12T10:15:11.263000", "db": "NVD", "id": "CVE-2021-44693" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2988" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in multiple Siemens products related to improper validation of quantities specified in inputs", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-020593" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-2988" } ], "trust": 0.6 } }
cve-2023-38380
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.4.29 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.0.37", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S210 (6SL5...)", "vendor": "Siemens", "versions": [ { "lessThan": "V6.1 HF2", "status": "affected", "version": "V6.1", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.0.37", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions \u003c V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SINAMICS S210 (6SL5...) (All versions \u003e= V6.1 \u003c V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions \u003c V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.\r\n\r\nAn attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:19:50.234Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38380", "datePublished": "2023-12-12T11:26:36.173Z", "dateReserved": "2023-07-17T13:06:36.758Z", "dateUpdated": "2024-08-02T17:39:13.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43716
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_net_cp_443-1", "vendor": "siemens", "versions": [ { "lessThan": "v3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_443-1", "vendor": "siemens", "versions": [ { "lessThan": "v3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_443-1_advanced", "vendor": "siemens", "versions": [ { "lessThan": "v3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1242-7_gprs_v2", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-1", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-1_dnp3", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-1_iec", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-7_lte_eu", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-7_lte_us", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-8:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-8", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1542sp-1", "vendor": "siemens", "versions": [ { "lessThan": "v2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1542sp-1_irc", "vendor": "siemens", "versions": [ { "lessThan": "v2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1543sp-1", "vendor": "siemens", "versions": [ { "lessThan": "v2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_et_200sp_cp_1542sp-1_irc_tx_rail", "vendor": "siemens", "versions": [ { "lessThan": "v2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_et_200sp_cp_1543sp-1_isec", "vendor": "siemens", "versions": [ { "lessThan": "v2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_et_200sp_cp_1543sp-1_isec_tx_rail", "vendor": "siemens", "versions": [ { "lessThan": "v2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_net_cp_443-1_advanced", "vendor": "siemens", "versions": [ { "lessThan": "v3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_net_cp_1242-7_v2", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_s7-1200_cp_1243-1", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_s7-1200_cp_1243-1_rail", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_tim_1531_irc", "vendor": "siemens", "versions": [ { "lessThan": "v2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_tim_1531_irc", "vendor": "siemens", "versions": [ { "lessThan": "v2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-43716", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T14:12:55.560896Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T14:35:43.227Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:31.854Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-43716", "datePublished": "2023-04-11T09:02:49.383Z", "dateReserved": "2022-10-24T05:19:12.272Z", "dateUpdated": "2024-09-10T09:33:31.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34820
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: All versions < V3.3.46 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:30:39.103Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34820", "datePublished": "2022-07-12T10:07:29", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43767
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: 0 < V3.4.29 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1542sp-1", "vendor": "siemens", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1542sp-1_irc", "vendor": "siemens", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1543sp-1", "vendor": "siemens", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_443-1", "vendor": "siemens", "versions": [ { "lessThan": "3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_443-1_advanced", "vendor": "siemens", "versions": [ { "lessThan": "3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_et_200sp_cp_1542sp-1_irc_tx_rail", "vendor": "siemens", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_et_200sp_cp_1543sp-1_isec", "vendor": "siemens", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_et_200sp_cp_1543sp-1_isec_tx_rail", "vendor": "siemens", "versions": [ { "lessThan": "2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_net_cp_1242-7_v2", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_net_cp_443-1", "vendor": "siemens", "versions": [ { "lessThan": "3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_net_cp_443-1_advanced", "vendor": "siemens", "versions": [ { "lessThan": "3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_s7-1200_cp_1243-1", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1242-7_v2", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-1", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-1_dnp3", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-1_iec", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-7_lte_eu", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-7_lte_us", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cp_1243-8_irc", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_s7-1200_cp_1243-1_rail", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "siplus_tim_1531_irc", "vendor": "siemens", "versions": [ { "lessThan": "2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tim_1531_irc", "vendor": "siemens", "versions": [ { "lessThan": "2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-43767", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T19:11:06.737320Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-12T20:11:32.129Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-833", "description": "CWE-833: Deadlock", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:33.351Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-43767", "datePublished": "2023-04-11T09:02:50.497Z", "dateReserved": "2022-10-26T11:27:16.347Z", "dateUpdated": "2024-09-10T09:33:33.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34821
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Version: All versions < V7.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 LTE(4G) EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 LTE(4G) NAM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M804PB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router (Annex A)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router (Annex B)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router (Annex A)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router (Annex B)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M826-2 SHDSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (EVDO)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (ROK)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (NAM)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM853-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM856-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM856-1 (RoW)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615 EEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC622-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC622-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC626-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC626-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC632-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC632-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC636-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC636-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC642-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC642-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC646-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC646-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 EEC (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 EEC (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM766-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM766-1 (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions \u003c V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions \u003c V7.2), SCALANCE M804PB (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M826-2 SHDSL-Router (All versions \u003c V7.2), SCALANCE M874-2 (All versions \u003c V7.2), SCALANCE M874-3 (All versions \u003c V7.2), SCALANCE M876-3 (EVDO) (All versions \u003c V7.2), SCALANCE M876-3 (ROK) (All versions \u003c V7.2), SCALANCE M876-4 (All versions \u003c V7.2), SCALANCE M876-4 (EU) (All versions \u003c V7.2), SCALANCE M876-4 (NAM) (All versions \u003c V7.2), SCALANCE MUM853-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (RoW) (All versions \u003c V7.2), SCALANCE S615 (All versions \u003c V7.2), SCALANCE S615 EEC (All versions \u003c V7.2), SCALANCE SC622-2C (All versions \u003c V2.3), SCALANCE SC622-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC626-2C (All versions \u003c V2.3), SCALANCE SC626-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC632-2C (All versions \u003c V2.3), SCALANCE SC632-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC636-2C (All versions \u003c V2.3), SCALANCE SC636-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC642-2C (All versions \u003c V2.3), SCALANCE SC642-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC646-2C (All versions \u003c V2.3), SCALANCE SC646-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-10T10:20:57.022Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34821", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50763
Vulnerability from cvelistv5
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1542SP-1 |
Version: 0 < V2.3 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-50763", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T13:16:37.494371Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T13:16:47.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.4.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). The web server of affected products, if configured to allow the import of PKCS12 containers, could end up in an infinite loop when processing incomplete certificate chains.\r\n\r\nThis could allow an authenticated remote attacker to create a denial of service condition by importing specially crafted PKCS12 containers." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:34.906Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-50763", "datePublished": "2024-06-11T11:15:18.921Z", "dateReserved": "2023-12-13T11:47:39.148Z", "dateUpdated": "2024-08-02T22:16:47.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34819
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: All versions < V3.3.46 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:30:37.921Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34819", "datePublished": "2022-07-12T10:07:27", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43768
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: 0 < V3.4.29 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:33:34.861Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-43768", "datePublished": "2023-04-11T09:02:51.623Z", "dateReserved": "2022-10-26T11:27:16.347Z", "dateUpdated": "2024-09-10T09:33:34.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }