CVE-2022-47374

EPSS 0.29%
Published 12.12.2023 12:15:10
Last modified 21.11.2024 07:31:51
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.

This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ 6es7412-2ek07-0ab0 Firmware

Siemens ≫ 6es7412-2ek07-0ab0 Version-

Siemens ≫ 6es7414-3em07-0ab0 Firmware

Siemens ≫ 6es7414-3em07-0ab0 Version-

Siemens ≫ 6es7414-3fm07-0ab0 Firmware

Siemens ≫ 6es7414-3fm07-0ab0 Version-

Siemens ≫ 6es7416-3es07-0ab0 Firmware

Siemens ≫ 6es7416-3es07-0ab0 Version-

Siemens ≫ 6es7416-3fs07-0ab0 Firmware

Siemens ≫ 6es7416-3fs07-0ab0 Version-

Siemens ≫ 6ag1414-3em07-7ab0 Firmware

Siemens ≫ 6ag1414-3em07-7ab0 Version-

Siemens ≫ 6ag1416-3es07-7ab0 Firmware

Siemens ≫ 6ag1416-3es07-7ab0 Version-

Siemens ≫ Sinamics S120 Firmware Version-

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version4.7

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version4.8

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version4.9

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.0

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.1 Updatesp1

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.1 Updatesp1_hotfix1

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.1 Updatesp1_hotfix13

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Update-

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatehotfix1

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatehotfix11

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatehotfix7

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatesp3

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatesp3_hotfix1

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatesp3_hotfix13

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatesp3_hotfix6

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Sinamics S120 Firmware Version5.2 Updatesp3_hotfix9

Siemens ≫ Sinamics S120 Version-

Siemens ≫ Simatic Pc-station Plus Firmware

Siemens ≫ Simatic Pc-station Plus Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.515

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
productcert@siemens.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-47374

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47374

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47374

EUVD