VAR-202210-0467
Vulnerability from variot - Updated: 2023-12-18 11:48A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. simatic hmi comfort panels firmware, simatic hmi ktp400 basic firmware, simatic hmi ktp700 basic Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC HMI Comfort Panels is a touch panel device from Siemens, Germany.
Several Siemens products have an input validation error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siplus hmi ktp400 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp900 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp1200 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp700 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp700 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp900 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp1200 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp900 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp400 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp400 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "siplus hmi ktp400 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp700 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp900 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp1200 basic",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp1200 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp700 basic",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17.0"
},
{
"model": "simatic hmi ktp1200 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp900 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp400 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp700 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp mobile panels",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp1200 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "siplus hmi ktp900 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp700 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi ktp400 basic",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic hmi comfort panels update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v174"
},
{
"model": "simatic hmi ktp mobile panels update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v174"
},
{
"model": "simatic hmi ktp1200 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "simatic hmi ktp400 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "simatic hmi ktp700 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "simatic hmi ktp900 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp1200 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp400 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp700 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
},
{
"model": "siplus hmi ktp900 basic update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v175"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp400_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp700_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp900_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp1200_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siplus_hmi_ktp400_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siplus_hmi_ktp700_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siplus_hmi_ktp900_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siplus_hmi_ktp1200_basic:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-91619",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-40227",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40227",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-91619",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-446",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions \u003c V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions \u003c V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP400 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP700 Basic (All versions \u003c V17 Update 5), SIMATIC HMI KTP900 Basic (All versions \u003c V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions \u003c V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions \u003c V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. simatic hmi comfort panels firmware, simatic hmi ktp400 basic firmware, simatic hmi ktp700 basic Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC HMI Comfort Panels is a touch panel device from Siemens, Germany. \n\r\n\r\nSeveral Siemens products have an input validation error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "CNVD",
"id": "CNVD-2022-91619"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40227",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-384224",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-286-14",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92214181",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-91619",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"id": "VAR-202210-0467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
}
],
"trust": 1.2635212624999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
}
]
},
"last_update_date": "2023-12-18T11:48:51.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Various Siemens products input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/384516"
},
{
"title": "Siemens SIMATIC HMI Comfort Panels Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=210554"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92214181/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40227"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-14"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-14"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-hmi-denial-of-service-via-tcp-packets-39514"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40227/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"date": "2022-10-11T11:15:10.940000",
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-91619"
},
{
"date": "2023-10-23T02:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-018713"
},
{
"date": "2022-10-14T17:07:23.703000",
"db": "NVD",
"id": "CVE-2022-40227"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation vulnerability in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018713"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-446"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…