var-202312-0261
Vulnerability from variot
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.
This could allow an attacker to exhaust system resources and create a denial of service condition for the device. Multiple Siemens products, including the 6es7412-2ek07-0ab0, 6es7414-3em07-0ab0 and 6es7414-3fm07-0ab0 firmware, contain a vulnerability related to recursion control (CWE-674); an affected device may be left in a service-interruption (DoS) state. SIMATIC PC Station is a software component for managing SIMATIC software products and interfaces on a PC. SIMATIC S7-400 controllers are designed for discrete and continuous control in industrial environments, such as the manufacturing, food and beverage, and chemical industries around the world.
A denial of service vulnerability exists in the web servers of multiple Siemens products (CVE-2022-47374; Siemens advisory SSA-892915).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0261", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "6ag1416-3es07-7ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic pc-station plus", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": "eq", 
"trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "6es7416-3fs07-0ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "6ag1414-3em07-7ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "6es7414-3fm07-0ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.0" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "6es7416-3es07-0ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "6es7412-2ek07-0ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "6es7414-3em07-0ab0", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.9" }, { "model": "sinamics s120", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6es7414-3fm07-0ab0", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6es7414-3em07-0ab0", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6es7416-3es07-0ab0", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pc-station plus", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6es7416-3fs07-0ab0", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6ag1416-3es07-7ab0", "scope": null, "trust": 0.8, "vendor": 
"\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6es7412-2ek07-0ab0", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "6ag1414-3em07-7ab0", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic s7-400 cpu pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "412-2v7" }, { "model": "simatic s7-400 cpu pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "414-3v7" }, { "model": "simatic s7-400 cpu 414f-3 pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "simatic s7-400 cpu pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "416-3v7" }, { "model": "simatic s7-400 cpu 416f-3 pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "simatic pc-station plus", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s120 sp3 hf15", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.2" }, { "model": "siplus s7-400 cpu pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "414-3v7" }, { "model": "siplus s7-400 cpu pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "416-3v7" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" }, { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "NVD", "id": "CVE-2022-47374" } ] }, "cve": "CVE-2022-47374", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-97270", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-47374", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2022-024737", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-47374", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-024737", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2023-97270", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" }, { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "NVD", "id": "CVE-2022-47374" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC\u00a0PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions \u003c V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. \r\n\r\nThis could allow an attacker to exhaust system resources and create a denial of service condition for the device. 6es7412-2ek07-0ab0 firmware, 6es7414-3em07-0ab0 firmware, 6es7414-3fm07-0ab0 Multiple Siemens products, including firmware, contain vulnerabilities related to recursion control.Service operation interruption (DoS) It may be in a state. SIMATIC PC Station is a software component for managing SIMATIC software products and interfaces on a PC. SIMATIC S7-400 controllers are designed for discrete and continuous control in industrial environments, such as the manufacturing, food and beverage, and chemical industries around the world. 
\n\r\n\r\nA denial of service vulnerability exists in the web servers of multiple Siemens products", "sources": [ { "db": "NVD", "id": "CVE-2022-47374" }, { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "CNVD", "id": "CNVD-2023-97270" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-47374", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-892915", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU98271228", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-348-05", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-024737", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-97270", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" }, { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "NVD", "id": "CVE-2022-47374" } ] }, "id": "VAR-202312-0261", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" } ], "trust": 1.2793478 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" } ] }, "last_update_date": "2024-08-14T13:18:43.796000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Denial of Service Vulnerabilities in Web 
Servers of Multiple Siemens Products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/500411" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-674", "trust": 1.0 }, { "problemtype": "Inappropriate recursive control (CWE-674) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "NVD", "id": "CVE-2022-47374" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98271228/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47374" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-05" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-892915.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-97270" }, { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "NVD", "id": "CVE-2022-47374" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-97270" }, { "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "db": "NVD", "id": "CVE-2022-47374" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-15T00:00:00", "db": "CNVD", "id": "CNVD-2023-97270" }, { "date": "2024-01-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "date": 
"2023-12-12T12:15:10.563000", "db": "NVD", "id": "CVE-2022-47374" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-13T00:00:00", "db": "CNVD", "id": "CNVD-2023-97270" }, { "date": "2024-01-15T05:11:00", "db": "JVNDB", "id": "JVNDB-2022-024737" }, { "date": "2023-12-18T14:52:16.673000", "db": "NVD", "id": "CVE-2022-47374" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Recursion control vulnerability in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-024737" } ], "trust": 0.8 } }