var-202207-0620
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0620", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp 1243-7 lte eu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-7 lte us", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus net cp 1242-7 v2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1242-7 v2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-8 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 }, "cve": "CVE-2022-34820", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34820", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2022-51635", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-34820", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.7, "id": "CVE-2022-34820", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-34820", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34820", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-51635", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-903", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-34820", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34820" }, { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-34820", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51635", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-903", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34820", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "id": "VAR-202207-0620", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ], "trust": 1.3950221799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ] }, "last_update_date": "2024-08-14T12:58:52.107000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/339691" }, { "title": "Multiple Siemens SIMATIC Product Command Injection Vulnerability Fixes", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228949" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "CNNVD", "id": "CNNVD-202207-903" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "CWE-116", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34820/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/116.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51635" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34820" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-903" }, { "date": "2022-07-12T10:15:12.343000", "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51635" }, { "date": "2023-06-29T00:00:00", "db": "VULMON", "id": "CVE-2022-34820" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-903" }, { "date": "2023-06-29T15:34:19.477000", "db": "NVD", "id": "CVE-2022-34820" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.