CVE-2022-47374

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:6es7412-2ek07-0ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7412-2ek07-0ab0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:6es7414-3em07-0ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7414-3em07-0ab0:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:6es7414-3fm07-0ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7414-3fm07-0ab0:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:6es7416-3es07-0ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7416-3es07-0ab0:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:6es7416-3fs07-0ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7416-3fs07-0ab0:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:6ag1414-3em07-7ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6ag1414-3em07-7ab0:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:6ag1416-3es07-7ab0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6ag1416-3es07-7ab0:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:siemens:sinamics_s120_firmware:-:::::::*
	cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:::::::*
	cpe:2.3:o:siemens:sinamics_s120_firmware:4.8:::::::*
	cpe:2.3:o:siemens:sinamics_s120_firmware:4.9:::::::*
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.0:::::::*
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix13::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix1::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix7::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix6::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix13::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix1::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix9::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix1::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix11::::::
	cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:-::::::

cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_pc-station_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pc-station_plus:-:*:*:*:*:*:*:*

Information

Published : 2023-12-12 12:15

Updated : 2023-12-18 14:52

NVD link : CVE-2022-47374

Mitre link : CVE-2022-47374

JSON object : View

Products Affected

siemens

6ag1416-3es07-7ab0_firmware
6ag1416-3es07-7ab0
simatic_pc-station_plus
6es7412-2ek07-0ab0
6es7416-3es07-0ab0_firmware
6es7414-3em07-0ab0
6es7414-3fm07-0ab0_firmware
6ag1414-3em07-7ab0_firmware
sinamics_s120
6es7414-3fm07-0ab0
6es7416-3es07-0ab0
6es7414-3em07-0ab0_firmware
6es7416-3fs07-0ab0_firmware
6ag1414-3em07-7ab0
sinamics_s120_firmware
simatic_pc-station_plus_firmware
6es7416-3fs07-0ab0
6es7412-2ek07-0ab0_firmware

CWE

CWE-674

Uncontrolled Recursion

7.5 /10