ID

VAR-202204-0684


CVE

CVE-2022-25622


TITLE

Resource Exhaustion Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-008398

DESCRIPTION

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. Multiple Siemens products, such as SIMATIC CFU DIQ firmware, SIMATIC CFU PA firmware, and SIMATIC S7-300 CPU firmware, contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). The SIMATIC S7-400 CPU family is designed for process control in industrial environments. The SIMATIC S7-300 CPU family is designed for discrete and continuous control in industrial environments. The SIMATIC S7-1500 CPU family is designed for discrete and continuous control in industrial environments. The SIMATIC Compact Field Unit (SIMATIC CFU) is an intelligent field distributor. The SIMATIC ET 200 interface module is used to connect field devices (IO devices) to the controller via PROFINET. SIMATIC TDC is a multiprocessor automation system for drive, control and technical tasks. SIMATIC WinAC RTX is the SIMATIC software controller for PC-based automation solutions. SIPLUS extreme products are designed for reliable operation under extreme conditions. The SIMIT Simulation Platform allows the simulation of plant setups to predict failures at an early planning stage. A denial of service vulnerability exists in Siemens PROFINET Stack Integrated on Interniche Stack. A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions).

Trust: 2.25

sources: NVD: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-28496

AFFECTED PRODUCTS

vendor: siemens, model: simatic s7-300 cpu, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic s7-410 v8, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic s7-400 pn/dp v7, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic s7-400h v6, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic tdc cpu555, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic s7-1500 cpu, scope: lt, version: 2.0.0

Trust: 1.0

vendor: siemens, model: simatic cfu diq, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic winac rtx, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cfu pa, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic tdc cp51m1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simit simulation platform, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic s7-410 v10, scope: eq, version: *

Trust: 1.0

vendor: シーメンス, model: simatic s7-410 v10, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cfu diq, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic s7-400 pn/dp v7, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic s7-1500 cpu, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic s7-410 v8, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cfu pa, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic s7-300 cpu, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic tdc cp51m1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic tdc cpu555, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic s7-400h v6, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simit simulation platform, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic winac rtx, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic s7-300 cpu family, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic s7-1500 cpu family, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic tdc cp51m1, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic tdc cpu555, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simit simulation platform, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic cfu diq, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic cfu pa, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic s7-400 h cpu family, scope: eq, version: v6<6.0.10

Trust: 0.6

vendor: siemens, model: simatic s7-400 pn/dp cpu family, scope: eq, version: v7

Trust: 0.6

vendor: siemens, model: simatic s7-410 cpu family, scope: eq, version: v8

Trust: 0.6

vendor: siemens, model: simatic s7-410 cpu family, scope: eq, version: v10

Trust: 0.6

vendor: siemens, model: simatic winac rtx, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-28496 // JVNDB: JVNDB-2022-008398 // NVD: CVE-2022-25622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25622
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2022-25622
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-25622
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-28496
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-2940
value: HIGH

Trust: 0.6

VULMON: CVE-2022-25622
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-25622
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-28496
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25622
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-25622
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-25622
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNNVD: CNNVD-202204-2940 // NVD: CVE-2022-25622 // NVD: CVE-2022-25622

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008398 // NVD: CVE-2022-25622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2940

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2940

PATCH

title: Patch for Siemens PROFINET Stack Integrated on Interniche Stack Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/329201

Trust: 0.6

title: Multiple Siemens SIMATIC Product resource management error vulnerability fixes, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=245481

Trust: 0.6

sources: CNVD: CNVD-2022-28496 // CNNVD: CNNVD-202204-2940

EXTERNAL IDS

db: NVD, id: CVE-2022-25622

Trust: 3.9

db: SIEMENS, id: SSA-446448

Trust: 3.1

db: ICS CERT, id: ICSA-22-104-06

Trust: 1.5

db: JVN, id: JVNVU91165555

Trust: 0.8

db: JVNDB, id: JVNDB-2022-008398

Trust: 0.8

db: CNVD, id: CNVD-2022-28496

Trust: 0.6

db: AUSCERT, id: ESB-2022.1713

Trust: 0.6

db: CS-HELP, id: SB2022042008

Trust: 0.6

db: CNNVD, id: CNNVD-202204-2940

Trust: 0.6

db: VULMON, id: CVE-2022-25622

Trust: 0.1

sources: CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNNVD: CNNVD-202204-2940 // NVD: CVE-2022-25622

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf

Trust: 3.1

url:https://cert-portal.siemens.com/productcert/html/ssa-446448.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu91165555/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25622

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-06

Trust: 0.8

url:https://vigilance.fr/vulnerability/simatic-denial-of-service-via-profinet-interniche-ip-stack-38018

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-104-06

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-25622/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1713

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042008

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-06

Trust: 0.1

sources: CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNNVD: CNNVD-202204-2940 // NVD: CVE-2022-25622

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-2940

SOURCES

db: CNVD, id: CNVD-2022-28496
db: VULMON, id: CVE-2022-25622
db: JVNDB, id: JVNDB-2022-008398
db: CNNVD, id: CNNVD-202204-2940
db: NVD, id: CVE-2022-25622

LAST UPDATE DATE

2024-08-14T13:42:54.772000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-28496, date: 2022-04-13T00:00:00
db: VULMON, id: CVE-2022-25622, date: 2022-04-22T00:00:00
db: JVNDB, id: JVNDB-2022-008398, date: 2023-07-26T08:25:00
db: CNNVD, id: CNNVD-202204-2940, date: 2023-07-12T00:00:00
db: NVD, id: CVE-2022-25622, date: 2024-07-09T12:15:05.463

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-28496, date: 2022-04-13T00:00:00
db: VULMON, id: CVE-2022-25622, date: 2022-04-12T00:00:00
db: JVNDB, id: JVNDB-2022-008398, date: 2023-07-26T00:00:00
db: CNNVD, id: CNNVD-202204-2940, date: 2022-04-12T00:00:00
db: NVD, id: CVE-2022-25622, date: 2022-04-12T09:15:14.483