var-202204-0227
Vulnerability from variot
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. Siemens' SIMATIC PCS neo , sinetplan , totally integrated automation portal Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0227", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinetplan", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "totally integrated automation portal", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "16" }, { "model": "totally integrated automation portal", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "totally integrated automation portal", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15" }, { "model": "totally integrated automation portal", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "17" }, { "model": "simatic pcs neo", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "sinetplan", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "totally integrated automation portal", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic pcs neo", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "NVD", "id": "CVE-2022-27194" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_neo:3.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinetplan:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:15.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-27194" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Peter Cheng of Elex Feigong Research reported this vulnerability to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2947" } ], "trust": 0.6 }, "cve": "CVE-2022-27194", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-27194", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-27194", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-27194", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202204-2947", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-27194", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-27194" }, { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "NVD", "id": "CVE-2022-27194" }, { "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions \u003c V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. Siemens\u0027 SIMATIC PCS neo , sinetplan , totally integrated automation portal Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-27194" }, { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "VULMON", "id": "CVE-2022-27194" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-27194", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-711829", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-22-104-16", "trust": 1.5 }, { "db": "JVN", "id": "JVNVU91165555", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-008099", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022042009", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202204-2947", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-27194", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-27194" }, { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "NVD", "id": "CVE-2022-27194" }, { "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "id": "VAR-202204-0227", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.6076923 }, "last_update_date": "2023-12-18T11:56:14.931000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Multiple Siemens SIMATIC product Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189472" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "NVD", "id": "CVE-2022-27194" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91165555/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27194" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-16" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-16" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-pcs-neo-denial-of-service-via-tia-administrator-38021" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042009" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-27194/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-16" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-27194" }, { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "NVD", "id": "CVE-2022-27194" }, { "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-27194" }, { "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "db": "NVD", "id": "CVE-2022-27194" }, { "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2022-27194" }, { "date": "2023-07-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "date": "2022-04-12T09:15:15.017000", "db": "NVD", "id": "CVE-2022-27194" }, { "date": "2022-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-19T00:00:00", "db": "VULMON", "id": "CVE-2022-27194" }, { "date": "2023-07-24T08:22:00", "db": "JVNDB", "id": "JVNDB-2022-008099" }, { "date": "2022-04-19T18:28:39.223000", "db": "NVD", "id": "CVE-2022-27194" }, { "date": "2022-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2947" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2947" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource Exhaustion Vulnerability in Multiple Siemens Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-008099" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2947" } ], "trust": 0.6 } }
Loading...