ID

VAR-202207-0621


CVE

CVE-2022-34821


TITLE

Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-51634

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code into specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.

The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols.

SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the devices on which they are based.

Trust: 1.53

sources: NVD: CVE-2022-34821 // CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-51634

AFFECTED PRODUCTS

vendor: siemens, model: simatic cp 1542sp-1 irc, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: simatic cp 1543sp-1, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: simatic cp 1243-7 lte eu, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1 rail, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1543-1, scope: lt, version: 3.0.22

Trust: 1.0

vendor: siemens, model: siplus net cp 1242-7 v2, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-7 lte us, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1242-7 v2, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus net cp 1543-1, scope: lt, version: 3.0.22

Trust: 1.0

vendor: siemens, model: simatic cp 1243-8 irc, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp lte eu, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp lte us, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp irc, scope: eq, version: 1243-8

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1543-1<3.0.22

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1543-1<3.0.22

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp rail, scope: eq, version: 1243-1

Trust: 0.6

sources: CNVD: CNVD-2022-51634 // NVD: CVE-2022-34821

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-34821
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2022-34821
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-51634
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202207-902
value: HIGH

Trust: 0.6

VULMON: CVE-2022-34821
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-34821
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-51634
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-34821
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-34821
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821 // CNNVD: CNNVD-202207-902 // NVD: CVE-2022-34821 // NVD: CVE-2022-34821

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.0

sources: NVD: CVE-2022-34821

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202207-902

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202207-902

PATCH

title: Patch for Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/339696

Trust: 0.6

title: Siemens SIMATIC Fixes for code injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=228948

Trust: 0.6

sources: CNVD: CNVD-2022-51634 // CNNVD: CNNVD-202207-902

EXTERNAL IDS

db: NVD, id: CVE-2022-34821

Trust: 2.3

db: SIEMENS, id: SSA-517377

Trust: 2.3

db: SIEMENS, id: SSA-413565

Trust: 1.7

db: ICS CERT, id: ICSA-22-195-12

Trust: 0.7

db: CNVD, id: CNVD-2022-51634

Trust: 0.6

db: ICS CERT, id: ICSA-22-349-04

Trust: 0.6

db: CS-HELP, id: SB2022071333

Trust: 0.6

db: CNNVD, id: CNNVD-202207-902

Trust: 0.6

db: VULMON, id: CVE-2022-34821

Trust: 0.1

sources: CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821 // CNNVD: CNNVD-202207-902 // NVD: CVE-2022-34821

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf

Trust: 1.7

url: https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf

Trust: 1.7

url: https://cert-portal.siemens.com/productcert/html/ssa-517377.html

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022071333

Trust: 0.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04

Trust: 0.6

url: https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-34821/

Trust: 0.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12

Trust: 0.1

sources: CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821 // CNNVD: CNNVD-202207-902 // NVD: CVE-2022-34821

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202207-902

SOURCES

db: CNVD, id: CNVD-2022-51634
db: VULMON, id: CVE-2022-34821
db: CNNVD, id: CNNVD-202207-902
db: NVD, id: CVE-2022-34821

LAST UPDATE DATE

2024-08-14T12:05:42.870000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-51634, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-34821, date: 2023-10-10T00:00:00
db: CNNVD, id: CNNVD-202207-902, date: 2023-03-15T00:00:00
db: NVD, id: CVE-2022-34821, date: 2023-10-10T11:15:10.703

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-51634, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-34821, date: 2022-07-12T00:00:00
db: CNNVD, id: CNNVD-202207-902, date: 2022-07-12T00:00:00
db: NVD, id: CVE-2022-34821, date: 2022-07-12T10:15:12.393