CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2022-47375
https://notcve.org/view.php?id=CVE-2022-47375
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device. Se ha identificado una vulnerabilidad en: SIMATIC PC-Station Plus (todas las versiones), SIMATIC S7-400 CPU 412-2 PN V7 (todas las versiones), SIMATIC S7-400 CPU 414-3 PN/DP V7 (todas las versiones), SIMATIC S7 -400 CPU 414F-3 PN/DP V7 (todas las versiones), SIMATIC S7-400 CPU 416-3 PN/DP V7 (todas las versiones), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (todas las versiones), SINAMICS S120 (incl. variantes SIPLUS) (todas las versiones < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (todas las versiones), SIPLUS S7-400 CPU 416-3 PN/DP V7 (todas las versiones) ). Los productos afectados no manejan correctamente los nombres de archivos largos. Esto podría permitir a un atacante crear un desbordamiento del búfer y crear una condición de denegación de servicio para el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2022-47374
https://notcve.org/view.php?id=CVE-2022-47374
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device. Se ha identificado una vulnerabilidad en: SIMATIC PC-Station Plus (todas las versiones), SIMATIC S7-400 CPU 412-2 PN V7 (todas las versiones), SIMATIC S7-400 CPU 414-3 PN/DP V7 (todas las versiones), SIMATIC S7 -400 CPU 414F-3 PN/DP V7 (todas las versiones), SIMATIC S7-400 CPU 416-3 PN/DP V7 (todas las versiones), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (todas las versiones), SINAMICS S120 (incl. variantes SIPLUS) (todas las versiones < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (todas las versiones), SIPLUS S7-400 CPU 416-3 PN/DP V7 (todas las versiones) ). Los productos afectados no manejan correctamente las solicitudes HTTP(S) al servidor web. Esto podría permitir que un atacante agote los recursos del sistema y cree una condición de denegación de servicio para el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf • CWE-674: Uncontrolled Recursion •