CVE-2022-27194

Published: Apr 12, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.

Affected (7)

Products: Siemens: Simatic Pcs Neo, Sinetplan, Totally Integrated Automation Portal

Siemens

3 products

Simatic Pcs Neo

Sinetplan

Totally Integrated Automation Portal

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Pcs Neo	Before 3.1
Siemens Simatic Pcs Neo	Version 3.1
Siemens Sinetplan	All versions
Siemens Totally Integrated Automation Portal	Version 15.1
Siemens Totally Integrated Automation Portal	Version 15
Siemens Totally Integrated Automation Portal	Version 16
Siemens Totally Integrated Automation Portal	Version 17

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf

Source: productcert@siemens.com

MitigationPatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.