ID

VAR-202207-0620


CVE

CVE-2022-34820


TITLE

Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-51635

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user-provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.

The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols.

SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the devices on which they are based.

Trust: 1.53

sources: NVD: CVE-2022-34820 // CNVD: CNVD-2022-51635 // VULMON: CVE-2022-34820

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-51635

AFFECTED PRODUCTS

vendor: siemens, model: simatic cp 1542sp-1 irc, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: simatic cp 1543sp-1, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: lt, version: 2.2.28

Trust: 1.0

vendor: siemens, model: simatic cp 1243-7 lte eu, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: simatic cp 1243-7 lte us, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec, scope: lt, version: 2.2.28

Trust: 1.0

vendor: siemens, model: siplus net cp 1242-7 v2, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: simatic cp 1243-1, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: simatic cp 1543sp-1, scope: lt, version: 2.2.28

Trust: 1.0

vendor: siemens, model: siplus net cp 1543-1, scope: lt, version: 3.0.22

Trust: 1.0

vendor: siemens, model: simatic cp 1242-7 v2, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: simatic cp 1543-1, scope: lt, version: 3.0.22

Trust: 1.0

vendor: siemens, model: simatic cp 1542sp-1 irc, scope: lt, version: 2.2.28

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1 rail, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: simatic cp 1243-8 irc, scope: lt, version: 3.3.46

Trust: 1.0

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: lt, version: 2.2.28

Trust: 1.0

vendor: siemens, model: simatic cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp lte eu, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp lte us, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp irc, scope: eq, version: 1243-8

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1543-1<3.0.22

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1543-1<3.0.22

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp rail, scope: eq, version: 1243-1

Trust: 0.6

sources: CNVD: CNVD-2022-51635 // NVD: CVE-2022-34820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34820
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2022-34820
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-51635
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-903
value: HIGH

Trust: 0.6

VULMON: CVE-2022-34820
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-34820
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-51635
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-34820
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-34820
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-51635 // VULMON: CVE-2022-34820 // CNNVD: CNNVD-202207-903 // NVD: CVE-2022-34820 // NVD: CVE-2022-34820

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-116

Trust: 1.0

sources: NVD: CVE-2022-34820

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202207-903

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202207-903

PATCH

title: Patch for Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/339691

Trust: 0.6

title: Multiple Siemens SIMATIC Product Command Injection Vulnerability Fixes, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=228949

Trust: 0.6

sources: CNVD: CNVD-2022-51635 // CNNVD: CNNVD-202207-903

EXTERNAL IDS

db: NVD, id: CVE-2022-34820

Trust: 2.3

db: SIEMENS, id: SSA-517377

Trust: 2.3

db: ICS CERT, id: ICSA-22-195-12

Trust: 0.7

db: CNVD, id: CNVD-2022-51635

Trust: 0.6

db: CS-HELP, id: SB2022071333

Trust: 0.6

db: CNNVD, id: CNNVD-202207-903

Trust: 0.6

db: VULMON, id: CVE-2022-34820

Trust: 0.1

sources: CNVD: CNVD-2022-51635 // VULMON: CVE-2022-34820 // CNNVD: CNNVD-202207-903 // NVD: CVE-2022-34820

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/html/ssa-517377.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071333

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-34820/

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/116.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12

Trust: 0.1

sources: CNVD: CNVD-2022-51635 // VULMON: CVE-2022-34820 // CNNVD: CNNVD-202207-903 // NVD: CVE-2022-34820

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202207-903

SOURCES

db: CNVD, id: CNVD-2022-51635
db: VULMON, id: CVE-2022-34820
db: CNNVD, id: CNNVD-202207-903
db: NVD, id: CVE-2022-34820

LAST UPDATE DATE

2024-08-14T12:58:52.107000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-51635, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-34820, date: 2023-06-29T00:00:00
db: CNNVD, id: CNNVD-202207-903, date: 2023-06-30T00:00:00
db: NVD, id: CVE-2022-34820, date: 2023-06-29T15:34:19.477

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-51635, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-34820, date: 2022-07-12T00:00:00
db: CNNVD, id: CNNVD-202207-903, date: 2022-07-12T00:00:00
db: NVD, id: CVE-2022-34820, date: 2022-07-12T10:15:12.343