var-202312-0260
Vulnerability from variot

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly.

This could allow an attacker to create a buffer overflow and create a denial of service condition for the device. 6es7412-2ek07-0ab0 firmware, 6es7414-3em07-0ab0 firmware, 6es7414-3fm07-0ab0 A buffer error vulnerability exists in multiple Siemens products, including firmware.Service operation interruption (DoS) It may be in a state. SIMATIC PC Station is a software component for managing SIMATIC software products and interfaces on a PC. SIMATIC S7-400 controllers are designed for discrete and continuous control in industrial environments, such as the manufacturing, food and beverage, and chemical industries around the world.

A denial of service vulnerability exists in the web servers of several Siemens products

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0260",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "6ag1416-3es07-7ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic pc-station plus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.2"
      },
      {
        "model": "6es7416-3fs07-0ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "6ag1414-3em07-7ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "6es7414-3fm07-0ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.8"
      },
      {
        "model": "6es7416-3es07-0ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "6es7412-2ek07-0ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.1"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.7"
      },
      {
        "model": "6es7414-3em07-0ab0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinamics s120",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "4.9"
      },
      {
        "model": "sinamics s120",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6es7414-3fm07-0ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6es7414-3em07-0ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6es7416-3es07-0ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic pc-station plus",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6es7416-3fs07-0ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6ag1416-3es07-7ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6es7412-2ek07-0ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "6ag1414-3em07-7ab0",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "simatic s7-400 cpu pn",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "412-2v7"
      },
      {
        "model": "simatic s7-400 cpu pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "414-3v7"
      },
      {
        "model": "simatic s7-400 cpu 414f-3 pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "simatic s7-400 cpu pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "416-3v7"
      },
      {
        "model": "simatic s7-400 cpu 416f-3 pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7"
      },
      {
        "model": "simatic pc-station plus",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinamics s120 sp3 hf15",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v5.2"
      },
      {
        "model": "siplus s7-400 cpu pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "414-3v7"
      },
      {
        "model": "siplus s7-400 cpu pn/dp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "416-3v7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "cve": "CVE-2022-47375",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-97269",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-47375",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-024736",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2022-47375",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-024736",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-97269",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC\u00a0PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions \u003c V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. \r\n\r\nThis could allow an attacker to create a buffer overflow and create a denial of service condition for the device. 6es7412-2ek07-0ab0 firmware, 6es7414-3em07-0ab0 firmware, 6es7414-3fm07-0ab0 A buffer error vulnerability exists in multiple Siemens products, including firmware.Service operation interruption (DoS) It may be in a state. SIMATIC PC Station is a software component for managing SIMATIC software products and interfaces on a PC. SIMATIC S7-400 controllers are designed for discrete and continuous control in industrial environments, such as the manufacturing, food and beverage, and chemical industries around the world. \n\r\n\r\nA denial of service vulnerability exists in the web servers of several Siemens products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-47375",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-892915",
        "trust": 2.4
      },
      {
        "db": "JVN",
        "id": "JVNVU98271228",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-348-05",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "id": "VAR-202312-0260",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      }
    ],
    "trust": 1.2793478
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:53:01.519000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Web server denial of service vulnerability in multiple Siemens products (CNVD-2023-97269)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/500421"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-805",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98271228/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47375"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-05"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-892915.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "date": "2024-01-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "date": "2023-12-12T12:15:10.797000",
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-97269"
      },
      {
        "date": "2024-01-15T05:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      },
      {
        "date": "2023-12-18T14:52:52.443000",
        "db": "NVD",
        "id": "CVE-2022-47375"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024736"
      }
    ],
    "trust": 0.8
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.