CVE-2022-47374

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.

This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

Se ha identificado una vulnerabilidad en:
SIMATIC PC-Station Plus (todas las versiones),
SIMATIC S7-400 CPU 412-2 PN V7 (todas las versiones),
SIMATIC S7-400 CPU 414-3 PN/DP V7 (todas las versiones),
SIMATIC S7 -400 CPU 414F-3 PN/DP V7 (todas las versiones),
SIMATIC S7-400 CPU 416-3 PN/DP V7 (todas las versiones),
SIMATIC S7-400 CPU 416F-3 PN/DP V7 (todas las versiones),
SINAMICS S120 (incl. variantes SIPLUS) (todas las versiones < V5.2 SP3 HF15),
SIPLUS S7-400 CPU 414-3 PN/DP V7 (todas las versiones),
SIPLUS S7-400 CPU 416-3 PN/DP V7 (todas las versiones) ).
Los productos afectados no manejan correctamente las solicitudes HTTP(S) al servidor web. Esto podría permitir que un atacante agote los recursos del sistema y cree una condición de denegación de servicio para el dispositivo.

*Credits: N/A

CVSS Scores

Siemens AGv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-13 CVE Reserved
2023-12-12 CVE Published
2023-12-13 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-674: Uncontrolled Recursion

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf	2023-12-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	6es7412-2ek07-0ab0 Firmware Search vendor "Siemens" for product "6es7412-2ek07-0ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6es7412-2ek07-0ab0 Search vendor "Siemens" for product "6es7412-2ek07-0ab0"	-	-	Safe
Siemens Search vendor "Siemens"	6es7414-3em07-0ab0 Firmware Search vendor "Siemens" for product "6es7414-3em07-0ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6es7414-3em07-0ab0 Search vendor "Siemens" for product "6es7414-3em07-0ab0"	-	-	Safe
Siemens Search vendor "Siemens"	6es7414-3fm07-0ab0 Firmware Search vendor "Siemens" for product "6es7414-3fm07-0ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6es7414-3fm07-0ab0 Search vendor "Siemens" for product "6es7414-3fm07-0ab0"	-	-	Safe
Siemens Search vendor "Siemens"	6es7416-3es07-0ab0 Firmware Search vendor "Siemens" for product "6es7416-3es07-0ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6es7416-3es07-0ab0 Search vendor "Siemens" for product "6es7416-3es07-0ab0"	-	-	Safe
Siemens Search vendor "Siemens"	6es7416-3fs07-0ab0 Firmware Search vendor "Siemens" for product "6es7416-3fs07-0ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6es7416-3fs07-0ab0 Search vendor "Siemens" for product "6es7416-3fs07-0ab0"	-	-	Safe
Siemens Search vendor "Siemens"	6ag1414-3em07-7ab0 Firmware Search vendor "Siemens" for product "6ag1414-3em07-7ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6ag1414-3em07-7ab0 Search vendor "Siemens" for product "6ag1414-3em07-7ab0"	-	-	Safe
Siemens Search vendor "Siemens"	6ag1416-3es07-7ab0 Firmware Search vendor "Siemens" for product "6ag1416-3es07-7ab0 Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	6ag1416-3es07-7ab0 Search vendor "Siemens" for product "6ag1416-3es07-7ab0"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	4.7 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "4.7"	-	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	4.8 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "4.8"	-	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	4.9 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "4.9"	-	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.0 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.0"	-	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.1 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.1"	sp1	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.1 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.1"	sp1_hotfix1	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.1 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.1"	sp1_hotfix13	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	-	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	hotfix1	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	hotfix11	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	hotfix7	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	sp3	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	sp3_hotfix1	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	sp3_hotfix13	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	sp3_hotfix6	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Sinamics S120 Firmware Search vendor "Siemens" for product "Sinamics S120 Firmware"	5.2 Search vendor "Siemens" for product "Sinamics S120 Firmware" and version "5.2"	sp3_hotfix9	Affected	in	Siemens Search vendor "Siemens"	Sinamics S120 Search vendor "Siemens" for product "Sinamics S120"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Pc-station Plus Firmware Search vendor "Siemens" for product "Simatic Pc-station Plus Firmware"	*	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Pc-station Plus Search vendor "Siemens" for product "Simatic Pc-station Plus"	-	-	Safe