Details of VAR-202204-0684

ID

VAR-202204-0684

CVE

CVE-2022-25622

TITLE

Resource Exhaustion Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-008398

DESCRIPTION

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. simatic cfu diq firmware, SIMATIC CFU PA firmware, SIMATIC S7-300 CPU Multiple Siemens products such as firmware contain a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The SIMATIC S7-400 CPU family is designed for process control in industrial environments. The SIMATIC S7-300 CPU family is designed for discrete and continuous control in industrial environments. The SIMATIC S7-1500 CPU family is designed for discrete and continuous control in industrial environments. The SIMATIC Compact Field Unit (SIMATIC CFU) is an intelligent field distributor. The SIMATIC ET 200 interface module is used to connect field devices (IO devices) to the controller via PROFINET. SIMATIC TDC is a multiprocessor automation system for drive, control and technical tasks. SIMATIC WinAC RTX is the SIMATIC software controller for PC-based automation solutions. SIPLUSextreme products are designed for reliable operation under extreme conditions. The SIMIT Simulation Platform allows the simulation of plant setups to predict failures at an early planning stage. A denial of service vulnerability exists in Siemens PROFINET Stack Integrated on Interniche Stack. A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions)

Trust: 2.25

sources: NVD: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-28496

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-300 cpu	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-410 v8	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400 pn\/dp v7	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-400h v6	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic tdc cpu555	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lt	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic cfu diq	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic winac rtx	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cfu pa	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic tdc cp51m1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simit simulation platform	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-410 v10	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	simatic s7-410 v10	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic cfu diq	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-400 pn/dp v7	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-410 v8	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic cfu pa	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-300 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic tdc cp51m1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic tdc cpu555	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-400h v6	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simit simulation platform	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic winac rtx	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu family	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic tdc cp51m1	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic tdc cpu555	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simit simulation platform	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic cfu diq	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic cfu pa	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-400 h cpu family	scope:	eq	version:	v6<6.0.10	Trust: 0.6
vendor:	siemens	model:	simatic s7-400 pn/dp cpu family	scope:	eq	version:	v7	Trust: 0.6
vendor:	siemens	model:	simatic s7-410 cpu family	scope:	eq	version:	v8	Trust: 0.6
vendor:	siemens	model:	simatic s7-410 cpu family	scope:	eq	version:	v10	Trust: 0.6
vendor:	siemens	model:	simatic winac rtx	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-28496 // JVNDB: JVNDB-2022-008398 // NVD: CVE-2022-25622

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25622
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2022-25622
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25622
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-28496
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202204-2940
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-25622
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-25622
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-28496
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25622
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2022-25622
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25622
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNNVD: CNNVD-202204-2940 // NVD: CVE-2022-25622 // NVD: CVE-2022-25622

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-008398 // NVD: CVE-2022-25622

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2940

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2940

PATCH

title:	Patch for Siemens PROFINET Stack Integrated on Interniche Stack Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/329201	Trust: 0.6
title:	Multiple Siemens SIMATIC Product resource management error vulnerability fixes	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=245481	Trust: 0.6

sources: CNVD: CNVD-2022-28496 // CNNVD: CNNVD-202204-2940

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25622	Trust: 3.9
db:	SIEMENS	id:	SSA-446448	Trust: 3.1
db:	ICS CERT	id:	ICSA-22-104-06	Trust: 1.5
db:	JVN	id:	JVNVU91165555	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-008398	Trust: 0.8
db:	CNVD	id:	CNVD-2022-28496	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1713	Trust: 0.6
db:	CS-HELP	id:	SB2022042008	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2940	Trust: 0.6
db:	VULMON	id:	CVE-2022-25622	Trust: 0.1

sources: CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNNVD: CNNVD-202204-2940 // NVD: CVE-2022-25622

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf	Trust: 3.1
url:	https://cert-portal.siemens.com/productcert/html/ssa-446448.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu91165555/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25622	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-06	Trust: 0.8
url:	https://vigilance.fr/vulnerability/simatic-denial-of-service-via-profinet-interniche-ip-stack-38018	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-104-06	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-25622/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1713	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042008	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-06	Trust: 0.1

sources: CNVD: CNVD-2022-28496 // VULMON: CVE-2022-25622 // JVNDB: JVNDB-2022-008398 // CNNVD: CNNVD-202204-2940 // NVD: CVE-2022-25622

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-2940

SOURCES

db:	CNVD	id:	CNVD-2022-28496
db:	VULMON	id:	CVE-2022-25622
db:	JVNDB	id:	JVNDB-2022-008398
db:	CNNVD	id:	CNNVD-202204-2940
db:	NVD	id:	CVE-2022-25622

LAST UPDATE DATE

2024-08-14T13:42:54.772000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-28496	date:	2022-04-13T00:00:00
db:	VULMON	id:	CVE-2022-25622	date:	2022-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2022-008398	date:	2023-07-26T08:25:00
db:	CNNVD	id:	CNNVD-202204-2940	date:	2023-07-12T00:00:00
db:	NVD	id:	CVE-2022-25622	date:	2024-07-09T12:15:05.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-28496	date:	2022-04-13T00:00:00
db:	VULMON	id:	CVE-2022-25622	date:	2022-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-008398	date:	2023-07-26T00:00:00
db:	CNNVD	id:	CNNVD-202204-2940	date:	2022-04-12T00:00:00
db:	NVD	id:	CVE-2022-25622	date:	2022-04-12T09:15:14.483