← Back

CVE-2022-25622

nvd nist
Published: Apr 12, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Affected (12)

Siemens
12 products
Simatic Cfu Diq Firmware
Simatic Cfu Pa Firmware
Simatic S7 300 Cpu Firmware
Simatic S7 400h V6 Firmware
Simatic S7 400 Pn/dp V7 Firmware
Simatic S7 410 V8 Firmware
Simatic S7 410 V10 Firmware
Simatic S7 1500 Cpu Firmware
Simatic Tdc Cp51m1 Firmware
Simatic Tdc Cpu555 Firmware
Simatic Winac Rtx Firmware
Simit Simulation Platform
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Cfu Diq Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Cfu Diq
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Cfu Pa Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Cfu Pa
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 400h V6 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 400h V6
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 400 Pn/dp V7 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 400 Pn/dp V7
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 410 V8 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 410 V8
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 410 V10 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 410 V10
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 1500 Cpu Firmware
Before 2.0.0
Running on/withPlatform Versions
Siemens
Simatic S7 1500 Cpu
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Tdc Cp51m1 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Tdc Cp51m1
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Tdc Cpu555 Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Tdc Cpu555
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Winac Rtx Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Winac Rtx
All versions
Configuration L
1 vulnerable
Vulnerable SoftwareAffected Versions
Simit Simulation Platform
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

Source: productcert@siemens.com
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.