Vulnerabilites related to Siemens - SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)
cve-2023-28827
Vulnerability from cvelistv5
Published
2024-09-10 09:33
Modified
2024-09-10 15:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers.
This could allow a remote attacker to cause a denial of service condition in the system.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.5.20 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-28827", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T15:10:54.020229Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T15:11:03.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC DiagBase", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC DiagMonitor", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIPLUS TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. \r\n\r\nThis could allow a remote attacker to cause a denial of service condition in the system.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:37.794Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-423808.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-28827", datePublished: "2024-09-10T09:33:37.794Z", dateReserved: "2023-03-24T15:17:29.557Z", dateUpdated: "2024-09-10T15:11:03.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-2680
Vulnerability from cvelistv5
Published
2017-05-11 01:00
Modified
2024-09-10 09:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038463 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98369 | vdb-entry, x_refsource_BID | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf | x_refsource_CONFIRM | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | x_refsource_CONFIRM | |
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/html/ssa-293562.html | ||
| https://cert-portal.siemens.com/productcert/html/ssa-284673.html | ||
| https://cert-portal.siemens.com/productcert/html/ssa-546832.html |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2017-2680", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T13:26:04.237652Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T13:26:15.327Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-05T14:02:07.270Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038463", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038463", }, { name: "98369", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98369", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-293562.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-284673.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-546832.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.1 Patch04", }, ], }, { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.2.1 Patch03", }, ], }, { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.4.0 Patch01", }, ], }, { defaultStatus: "unknown", product: "Extension Unit 12\" PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V01.01.01", }, ], }, { defaultStatus: "unknown", product: "Extension Unit 15\" PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V01.01.01", }, ], }, { defaultStatus: "unknown", product: "Extension Unit 19\" PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V01.01.01", }, ], }, { defaultStatus: "unknown", product: "Extension Unit 22\" PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V01.01.01", }, ], }, { defaultStatus: "unknown", product: "IE/AS-i Link PN IO", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "IE/PB-Link (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE M-800 family (incl. S615, MUM-800 and RM1224)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.03", }, ], }, { defaultStatus: "unknown", product: "SCALANCE W-700 IEEE 802.11n family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V6.1", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-200 family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.2.2", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-200IRT family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.4.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-300 family (incl. X408 and SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X408 family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X414", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.10.2", }, ], }, { defaultStatus: "unknown", product: "SCALANCE XM-400 family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V6.1", }, ], }, { defaultStatus: "unknown", product: "SCALANCE XR-500 family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V6.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CM 1542-1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CM 1542SP-1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0.15", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE US", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0.15", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543SP-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0.15", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1604", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.7", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1616", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.7", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1626", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 343-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.1.3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 343-1 Lean (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.1.3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 OPC UA", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC DK-16xx PN IO", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.7", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200AL IM 157-1 PN", vendor: "Siemens", versions: [ { lessThan: "V1.0.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200M (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN BA", vendor: "Siemens", versions: [ { lessThan: "V4.0.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-3 PN HF", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-4 PN HF", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN BA", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN HS", vendor: "Siemens", versions: [ { lessThan: "V4.0.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN ST BA", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 4AO U/I 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN: IO-Link Master", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200S (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-B", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-B Body", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-P", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-P Body", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV440 HR", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV440 SR", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV440 UR", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC RF650R", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC RF680R", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC RF685R", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-1500 Software Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-200 SMART", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.X.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V6.0.7", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V6.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V7.0.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-410 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V8.2", }, ], }, { defaultStatus: "unknown", product: "SIMATIC TDC CP51M1", vendor: "Siemens", versions: [ { lessThan: "V1.1.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC TDC CPU555", vendor: "Siemens", versions: [ { lessThan: "V1.1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Teleservice Adapter IE Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Teleservice Adapter IE Basic", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Teleservice Adapter IE Standard", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinAC RTX 2010", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2010 SP3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinAC RTX F 2010", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2010 SP3", }, ], }, { defaultStatus: "unknown", product: "SIMOCODE pro V PROFINET (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.0.0", }, ], }, { defaultStatus: "unknown", product: "SIMOTION", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5 HF1", }, ], }, { defaultStatus: "unknown", product: "SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.4 HF26", }, ], }, { defaultStatus: "unknown", product: "SINAMICS DCM w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.4 SP1 HF5", }, ], }, { defaultStatus: "unknown", product: "SINAMICS DCP w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.2 HF1", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G110M w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP6 HF3", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP6 HF3", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G130 V4.7 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G130 V4.8 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G150 V4.7 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "V4.7: All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G150 V4.8 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS GH150 V4.7 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP5 HF7", }, ], }, { defaultStatus: "unknown", product: "SINAMICS GL150 V4.7 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 SP2", }, ], }, { defaultStatus: "unknown", product: "SINAMICS GM150 V4.7 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF31", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S110 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.4 SP3 HF5", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S150 V4.7 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S150 V4.8 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS SL150 V4.7.0 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF30", }, ], }, { defaultStatus: "unknown", product: "SINAMICS SL150 V4.7.4 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 SP2", }, ], }, { defaultStatus: "unknown", product: "SINAMICS SL150 V4.7.5 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 SP2", }, ], }, { defaultStatus: "unknown", product: "SINAMICS SM120 V4.7 w. PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 SP2", }, ], }, { defaultStatus: "unknown", product: "SINAMICS V90 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.01", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 828D V4.5 and prior", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5 SP6 HF2", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 828D V4.7", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP4 HF1", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 840D sl V4.5 and prior", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5 SP6 HF2", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 840D sl V4.7", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP4 HF1", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST BA", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIRIUS ACT 3SU1 interface module PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.1.0", }, ], }, { defaultStatus: "unknown", product: "SIRIUS Motor Starter M200D PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIRIUS Soft Starter 3RW44 PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SITOP PSU8600 PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.2.0", }, ], }, { defaultStatus: "unknown", product: "SITOP UPS1600 PROFINET (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.2.0", }, ], }, { defaultStatus: "unknown", product: "Softnet PROFINET IO for PC-based Windows systems", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14 SP1", }, ], }, ], descriptions: [ { lang: "en", value: "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:18.492Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { name: "1038463", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038463", }, { name: "98369", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98369", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-293562.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-284673.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-546832.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2017-2680", datePublished: "2017-05-11T01:00:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-09-10T09:33:18.492Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30756
Vulnerability from cvelistv5
Published
2024-09-10 09:33
Modified
2024-09-10 15:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.
This could allow a remote attacker with no privileges to cause a denial of service condition in the system.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.5.20 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-30756", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T15:09:52.396615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T15:10:00.273Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC DiagBase", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC DiagMonitor", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIPLUS TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:40.640Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-423808.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-30756", datePublished: "2024-09-10T09:33:40.640Z", dateReserved: "2023-04-14T11:16:56.497Z", dateUpdated: "2024-09-10T15:10:00.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43768
Vulnerability from cvelistv5
Published
2023-04-11 09:02
Modified
2025-02-07 16:51
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: 0 < V3.4.29 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-566905.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-43768", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:50:58.868618Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-07T16:51:07.850Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE EU", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE US", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 Advanced", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 1242-7 V2", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 443-1 Advanced", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-1200 CP 1243-1", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-1200 CP 1243-1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:34.861Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-566905.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-43768", datePublished: "2023-04-11T09:02:51.623Z", dateReserved: "2022-10-26T11:27:16.347Z", dateUpdated: "2025-02-07T16:51:07.850Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30755
Vulnerability from cvelistv5
Published
2024-09-10 09:33
Modified
2024-09-10 15:10
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
5.9 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
5.9 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources.
This could allow a remote attacker with elevated privileges to cause a denial of service condition in the system.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.5.20 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-30755", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T15:10:26.969445Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T15:10:35.515Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.5.20", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC DiagBase", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC DiagMonitor", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinCC Runtime Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIPLUS TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.4.8", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources. \r\n\r\nThis could allow a remote attacker with elevated privileges to cause a denial of service condition in the system.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:39.215Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-423808.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-30755", datePublished: "2024-09-10T09:33:39.215Z", dateReserved: "2023-04-14T11:16:56.497Z", dateUpdated: "2024-09-10T15:10:35.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43767
Vulnerability from cvelistv5
Published
2023-04-11 09:02
Modified
2024-09-10 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: 0 < V3.4.29 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1542sp-1", vendor: "siemens", versions: [ { lessThan: "2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1542sp-1_irc", vendor: "siemens", versions: [ { lessThan: "2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1543sp-1", vendor: "siemens", versions: [ { lessThan: "2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_443-1", vendor: "siemens", versions: [ { lessThan: "3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_443-1_advanced", vendor: "siemens", versions: [ { lessThan: "3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_et_200sp_cp_1542sp-1_irc_tx_rail", vendor: "siemens", versions: [ { lessThan: "2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_et_200sp_cp_1543sp-1_isec", vendor: "siemens", versions: [ { lessThan: "2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_et_200sp_cp_1543sp-1_isec_tx_rail", vendor: "siemens", versions: [ { lessThan: "2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_net_cp_1242-7_v2", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_net_cp_443-1", vendor: "siemens", versions: [ { lessThan: "3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_net_cp_443-1_advanced", vendor: "siemens", versions: [ { lessThan: "3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_s7-1200_cp_1243-1", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1242-7_v2", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-1", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-1_dnp3", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-1_iec", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-7_lte_eu", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-7_lte_us", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-8_irc", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_s7-1200_cp_1243-1_rail", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_tim_1531_irc", vendor: "siemens", versions: [ { lessThan: "2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tim_1531_irc", vendor: "siemens", versions: [ { lessThan: "2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-43767", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-12T19:11:06.737320Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T20:11:32.129Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.317Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-566905.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE EU", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE US", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 Advanced", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 1242-7 V2", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 443-1 Advanced", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-1200 CP 1243-1", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-1200 CP 1243-1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-833", description: "CWE-833: Deadlock", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:33.351Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-566905.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-43767", datePublished: "2023-04-11T09:02:50.497Z", dateReserved: "2022-10-26T11:27:16.347Z", dateUpdated: "2024-09-10T09:33:33.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38380
Vulnerability from cvelistv5
Published
2023-12-12 11:26
Modified
2024-08-02 17:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.
An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) |
Version: 0 < V3.4.29 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:39:13.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-693975.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-625862.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543-1", vendor: "Siemens", versions: [ { lessThan: "V3.0.37", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S210 (6SL5...)", vendor: "Siemens", versions: [ { lessThan: "V6.1 HF2", status: "affected", version: "V6.1", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 1543-1", vendor: "Siemens", versions: [ { lessThan: "V3.0.37", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.\r\n\r\nAn attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401: Missing Release of Memory after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-11T14:19:50.234Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-693975.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-625862.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38380", datePublished: "2023-12-12T11:26:36.173Z", dateReserved: "2023-07-17T13:06:36.758Z", dateUpdated: "2024-08-02T17:39:13.213Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-2681
Vulnerability from cvelistv5
Published
2017-05-11 10:00
Modified
2024-09-10 09:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038463 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98369 | vdb-entry, x_refsource_BID | |
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/html/ssa-293562.html |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller |
Version: All versions < V4.1.1 Patch04 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2017-2681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:22:19.045364Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T20:22:26.181Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-05T14:02:07.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038463", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038463", }, { name: "98369", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98369", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-293562.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.1 Patch04", }, ], }, { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.2.1 Patch03", }, ], }, { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.4.0 Patch01", }, ], }, { defaultStatus: "unknown", product: "IE/AS-i Link PN IO", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "IE/PB-Link (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE M-800 family (incl. S615, MUM-800 and RM1224)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.03", }, ], }, { defaultStatus: "unknown", product: "SCALANCE W-700 IEEE 802.11n family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V6.1", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-200 family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.2.2", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-200IRT family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.4.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-300 family (incl. X408 and SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X408 family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X414", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.10.2", }, ], }, { defaultStatus: "unknown", product: "SCALANCE XM-400 family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V6.1", }, ], }, { defaultStatus: "unknown", product: "SCALANCE XR-500 family", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V6.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CM 1542-1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CM 1542SP-1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0.15", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1.82", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0.15", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543SP-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.0.15", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1604", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.7", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1616", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.7", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 343-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.1.3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 343-1 Lean (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.1.3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 OPC UA", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC DK-16xx PN IO", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.7", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200AL IM 157-1 PN", vendor: "Siemens", versions: [ { lessThan: "V1.0.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200M (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN BA", vendor: "Siemens", versions: [ { lessThan: "V4.0.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-3 PN HF", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-4 PN HF", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN BA", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN HS", vendor: "Siemens", versions: [ { lessThan: "V4.0.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN ST BA", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 4AO U/I 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN: IO-Link Master", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200S (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V15.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-B", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-B Body", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-P", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV420 SR-P Body", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV440 HR", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV440 SR", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC MV440 UR", vendor: "Siemens", versions: [ { lessThan: "V7.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC RF650R", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC RF680R", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC RF685R", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.0", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-1500 Software Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-200 SMART", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.X.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V6.0.7", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V6.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V7.0.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-410 CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V8.2", }, ], }, { defaultStatus: "unknown", product: "SIMATIC TDC CP51M1", vendor: "Siemens", versions: [ { lessThan: "V1.1.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC TDC CPU555", vendor: "Siemens", versions: [ { lessThan: "V1.1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Teleservice Adapter IE Advanced", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Teleservice Adapter IE Basic", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC Teleservice Adapter IE Standard", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinAC RTX 2010", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2010 SP3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinAC RTX F 2010", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2010 SP3", }, ], }, { defaultStatus: "unknown", product: "SIMOCODE pro V PROFINET (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.0.0", }, ], }, { defaultStatus: "unknown", product: "SIMOTION", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5 HF1", }, ], }, { defaultStatus: "unknown", product: "SINAMICS DCM w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.4 SP1 HF5", }, ], }, { defaultStatus: "unknown", product: "SINAMICS DCP w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.2 HF1", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G110M w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP6 HF3", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP6 HF3", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G130 V4.7 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G130 V4.8 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G150 V4.7 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "V4.7: All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G150 V4.8 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S110 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.4 SP3 HF5", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S150 V4.7 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF27", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S150 V4.8 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 HF4", }, ], }, { defaultStatus: "unknown", product: "SINAMICS V90 w. PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.01", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 828D V4.5 and prior", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5 SP6 HF2", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 828D V4.7", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP4 HF1", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 840D sl V4.5 and prior", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5 SP6 HF2", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 840D sl V4.7", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP4 HF1", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST BA", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIRIUS ACT 3SU1 interface module PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.1.0", }, ], }, { defaultStatus: "unknown", product: "SIRIUS Motor Starter M200D PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIRIUS Soft Starter 3RW44 PN", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SITOP PSU8600 PROFINET", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.2.0", }, ], }, { defaultStatus: "unknown", product: "SITOP UPS1600 PROFINET (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.2.0", }, ], }, { defaultStatus: "unknown", product: "Softnet PROFINET IO for PC-based Windows systems", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14 SP1", }, ], }, ], descriptions: [ { lang: "en", value: "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:20.658Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { name: "1038463", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038463", }, { name: "98369", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98369", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-293562.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2017-2681", datePublished: "2017-05-11T10:00:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-09-10T09:33:20.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43716
Vulnerability from cvelistv5
Published
2023-04-11 09:02
Modified
2024-09-10 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SIMATIC CP 1242-7 V2 |
Version: 0 < V3.4.29 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_net_cp_443-1", vendor: "siemens", versions: [ { lessThan: "v3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_443-1", vendor: "siemens", versions: [ { lessThan: "v3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_443-1_advanced", vendor: "siemens", versions: [ { lessThan: "v3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1242-7_gprs_v2", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-1", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-1_dnp3", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-1_iec", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-7_lte_eu", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-7_lte_us", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1243-8:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1243-8", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1542sp-1", vendor: "siemens", versions: [ { lessThan: "v2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1542sp-1_irc", vendor: "siemens", versions: [ { lessThan: "v2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "simatic_cp_1543sp-1", vendor: "siemens", versions: [ { lessThan: "v2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_et_200sp_cp_1542sp-1_irc_tx_rail", vendor: "siemens", versions: [ { lessThan: "v2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_et_200sp_cp_1543sp-1_isec", vendor: "siemens", versions: [ { lessThan: "v2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_et_200sp_cp_1543sp-1_isec_tx_rail", vendor: "siemens", versions: [ { lessThan: "v2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_net_cp_443-1_advanced", vendor: "siemens", versions: [ { lessThan: "v3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_net_cp_1242-7_v2", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_s7-1200_cp_1243-1", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_s7-1200_cp_1243-1_rail", vendor: "siemens", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_tim_1531_irc", vendor: "siemens", versions: [ { lessThan: "v2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "siplus_tim_1531_irc", vendor: "siemens", versions: [ { lessThan: "v2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-43716", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T14:12:55.560896Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T14:35:43.227Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-566905.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIMATIC CP 1242-7 V2", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE EU", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-7 LTE US", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1243-8 IRC", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1542SP-1 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1543SP-1", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 443-1 Advanced", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V2.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 1242-7 V2", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 443-1", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS NET CP 443-1 Advanced", vendor: "Siemens", versions: [ { lessThan: "V3.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-1200 CP 1243-1", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-1200 CP 1243-1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V3.4.29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "TIM 1531 IRC", vendor: "Siemens", versions: [ { lessThan: "V2.3.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:33:31.854Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-139628.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-566905.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-43716", datePublished: "2023-04-11T09:02:49.383Z", dateReserved: "2022-10-24T05:19:12.272Z", dateUpdated: "2024-09-10T09:33:31.854Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }