7.5

CVE-2022-47375

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly.

This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

Data provided by the National Vulnerability Database (NVD)
Siemens Sinamics S120 Firmware, Version: -
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 4.7
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 4.8
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 4.9
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.0
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.1, Update: sp1
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.1, Update: sp1_hotfix1
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.1, Update: sp1_hotfix13
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: -
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: hotfix1
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: hotfix11
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: hotfix7
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: sp3
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: sp3_hotfix1
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: sp3_hotfix13
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: sp3_hotfix6
   Siemens Sinamics S120, Version: -
Siemens Sinamics S120 Firmware, Version: 5.2, Update: sp3_hotfix9
   Siemens Sinamics S120, Version: -
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.3% | 0.53

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
productcert@siemens.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-805 Buffer Access with Incorrect Length Value

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.