Details of VAR-202207-0621

ID

VAR-202207-0621

CVE

CVE-2022-34821

TITLE

Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-51634

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based

Trust: 1.53

sources: NVD: CVE-2022-34821 // CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-51634

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic cp 1542sp-1 irc	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	simatic cp 1543sp-1	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	siplus et 200sp cp 1542sp-1 irc tx rail	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	siplus et 200sp cp 1543sp-1 isec	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	siplus et 200sp cp 1543sp-1 isec tx rail	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	simatic cp 1243-7 lte eu	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1200 cp 1243-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1200 cp 1243-1 rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1543-1	scope:	lt	version:	3.0.22	Trust: 1.0
vendor:	siemens	model:	siplus net cp 1242-7 v2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1243-7 lte us	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1242-7 v2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1243-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus net cp 1543-1	scope:	lt	version:	3.0.22	Trust: 1.0
vendor:	siemens	model:	simatic cp 1243-8 irc	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1242-7v2	Trust: 0.6
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1243-1	Trust: 0.6
vendor:	siemens	model:	simatic cp lte eu	scope:	eq	version:	1243-7	Trust: 0.6
vendor:	siemens	model:	simatic cp lte us	scope:	eq	version:	1243-7	Trust: 0.6
vendor:	siemens	model:	simatic cp irc	scope:	eq	version:	1243-8	Trust: 0.6
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1543-1<3.0.22	Trust: 0.6
vendor:	siemens	model:	siplus net cp	scope:	eq	version:	1242-7v2	Trust: 0.6
vendor:	siemens	model:	siplus net cp	scope:	eq	version:	1543-1<3.0.22	Trust: 0.6
vendor:	siemens	model:	siplus s7-1200 cp	scope:	eq	version:	1243-1	Trust: 0.6
vendor:	siemens	model:	siplus s7-1200 cp rail	scope:	eq	version:	1243-1	Trust: 0.6

sources: CNVD: CNVD-2022-51634 // NVD: CVE-2022-34821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34821
value:	CRITICAL
Trust: 1.0
productcert@siemens.com:	CVE-2022-34821
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-51634
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202207-902
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-34821
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-34821
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-51634
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-34821
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2022-34821
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821 // CNNVD: CNNVD-202207-902 // NVD: CVE-2022-34821 // NVD: CVE-2022-34821

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.0

sources: NVD: CVE-2022-34821

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202207-902

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202207-902

PATCH

title:	Patch for Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/339696	Trust: 0.6
title:	Siemens SIMATIC Fixes for code injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=228948	Trust: 0.6

sources: CNVD: CNVD-2022-51634 // CNNVD: CNNVD-202207-902

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34821	Trust: 2.3
db:	SIEMENS	id:	SSA-517377	Trust: 2.3
db:	SIEMENS	id:	SSA-413565	Trust: 1.7
db:	ICS CERT	id:	ICSA-22-195-12	Trust: 0.7
db:	CNVD	id:	CNVD-2022-51634	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-349-04	Trust: 0.6
db:	CS-HELP	id:	SB2022071333	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-902	Trust: 0.6
db:	VULMON	id:	CVE-2022-34821	Trust: 0.1

sources: CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821 // CNNVD: CNNVD-202207-902 // NVD: CVE-2022-34821

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/html/ssa-517377.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071333	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-34821/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/94.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12	Trust: 0.1

sources: CNVD: CNVD-2022-51634 // VULMON: CVE-2022-34821 // CNNVD: CNNVD-202207-902 // NVD: CVE-2022-34821

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202207-902

SOURCES

db:	CNVD	id:	CNVD-2022-51634
db:	VULMON	id:	CVE-2022-34821
db:	CNNVD	id:	CNNVD-202207-902
db:	NVD	id:	CVE-2022-34821

LAST UPDATE DATE

2024-08-14T12:05:42.870000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-51634	date:	2022-07-15T00:00:00
db:	VULMON	id:	CVE-2022-34821	date:	2023-10-10T00:00:00
db:	CNNVD	id:	CNNVD-202207-902	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2022-34821	date:	2023-10-10T11:15:10.703

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-51634	date:	2022-07-15T00:00:00
db:	VULMON	id:	CVE-2022-34821	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-902	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-34821	date:	2022-07-12T10:15:12.393