← Back

CVE-2022-47374

nvd nist
Published: Dec 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

Affected (25)

Siemens
9 products
6es7412 2ek07 0ab0 Firmware
6es7414 3em07 0ab0 Firmware
6es7414 3fm07 0ab0 Firmware
6es7416 3es07 0ab0 Firmware
6es7416 3fs07 0ab0 Firmware
6ag1414 3em07 7ab0 Firmware
6ag1416 3es07 7ab0 Firmware
Sinamics S120 Firmware
Simatic Pc Station Plus Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6es7412 2ek07 0ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6es7412 2ek07 0ab0
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6es7414 3em07 0ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6es7414 3em07 0ab0
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6es7414 3fm07 0ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6es7414 3fm07 0ab0
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6es7416 3es07 0ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6es7416 3es07 0ab0
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6es7416 3fs07 0ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6es7416 3fs07 0ab0
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6ag1414 3em07 7ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6ag1414 3em07 7ab0
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
6ag1416 3es07 7ab0 Firmware
All versions
Running on/withPlatform Versions
Siemens
6ag1416 3es07 7ab0
All versions
Configuration H
17 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siemens
Sinamics S120 Firmware
All versions
Sinamics S120 Firmware
Version 4.7
Sinamics S120 Firmware
Version 4.8
Sinamics S120 Firmware
Version 4.9
Sinamics S120 Firmware
Version 5.0
Sinamics S120 Firmware
Version 5.1 sp1
Sinamics S120 Firmware
Version 5.1 sp1_hotfix13
Sinamics S120 Firmware
Version 5.1 sp1_hotfix1
Sinamics S120 Firmware
Version 5.2
Sinamics S120 Firmware
Version 5.2 hotfix11
Sinamics S120 Firmware
Version 5.2 hotfix1
Sinamics S120 Firmware
Version 5.2 hotfix7
Sinamics S120 Firmware
Version 5.2 sp3
Sinamics S120 Firmware
Version 5.2 sp3_hotfix13
Sinamics S120 Firmware
Version 5.2 sp3_hotfix1
Sinamics S120 Firmware
Version 5.2 sp3_hotfix6
Sinamics S120 Firmware
Version 5.2 sp3_hotfix9
Running on/withPlatform Versions
Siemens
Sinamics S120
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic Pc Station Plus Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic Pc Station Plus
All versions

Related CWEs

CWE-674
Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (2)

Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.