Action not permitted
Modal body text goes here.
ghsa-xx9f-xg2j-c647
Vulnerability from github
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.
{ "affected": [], "aliases": [ "CVE-2022-34821" ], "database_specific": { "cwe_ids": [ "CWE-94" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-07-12T10:15:00Z", "severity": "CRITICAL" }, "details": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.", "id": "GHSA-xx9f-xg2j-c647", "modified": "2022-07-16T00:00:21Z", "published": "2022-07-13T00:01:56Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34821" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
cve-2022-34821
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 LTE(4G) EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 LTE(4G) NAM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M804PB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router (Annex A)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router (Annex B)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router (Annex A)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router (Annex B)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M826-2 SHDSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (EVDO)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (ROK)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (NAM)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM853-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM856-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM856-1 (RoW)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615 EEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC622-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC622-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC626-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC626-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC632-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC632-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC636-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC636-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC642-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC642-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC646-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC646-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 EEC (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 EEC (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM766-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM766-1 (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions \u003c V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions \u003c V7.2), SCALANCE M804PB (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M826-2 SHDSL-Router (All versions \u003c V7.2), SCALANCE M874-2 (All versions \u003c V7.2), SCALANCE M874-3 (All versions \u003c V7.2), SCALANCE M876-3 (EVDO) (All versions \u003c V7.2), SCALANCE M876-3 (ROK) (All versions \u003c V7.2), SCALANCE M876-4 (All versions \u003c V7.2), SCALANCE M876-4 (EU) (All versions \u003c V7.2), SCALANCE M876-4 (NAM) (All versions \u003c V7.2), SCALANCE MUM853-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (RoW) (All versions \u003c V7.2), SCALANCE S615 (All versions \u003c V7.2), SCALANCE S615 EEC (All versions \u003c V7.2), SCALANCE SC622-2C (All versions \u003c V2.3), SCALANCE SC622-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC626-2C (All versions \u003c V2.3), SCALANCE SC626-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC632-2C (All versions \u003c V2.3), SCALANCE SC632-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC636-2C (All versions \u003c V2.3), SCALANCE SC636-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC642-2C (All versions \u003c V2.3), SCALANCE SC642-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC646-2C (All versions \u003c V2.3), SCALANCE SC646-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-10T10:20:57.022Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34821", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.