CVE-2022-28329

EPSS 0.26%
Published 12.04.2022 09:15:15
Last modified 21.11.2024 06:57:10
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to lead to a denial of service condition which only affects the port used by the RemoteCapture feature.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance W1788-2ia M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2ia M12 Version-

Siemens ≫ Scalance W1788-2 M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2 M12 Version-

Siemens ≫ Scalance W1788-2 Eec M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-2 Eec M12 Version-

Siemens ≫ Scalance W1788-1 M12 Firmware Version < 3.0.0

Siemens ≫ Scalance W1788-1 M12 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.489

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-28329

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-28329

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-28329

EUVD