Details of VAR-202207-0622

ID

VAR-202207-0622

CVE

CVE-2022-34819

TITLE

Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-51636

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based

Trust: 1.53

sources: NVD: CVE-2022-34819 // CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-51636

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic cp 1542sp-1 irc	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	simatic cp 1543sp-1	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	siplus et 200sp cp 1542sp-1 irc tx rail	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	siplus et 200sp cp 1543sp-1 isec	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	siplus et 200sp cp 1543sp-1 isec tx rail	scope:	gte	version:	2.0	Trust: 1.6
vendor:	siemens	model:	simatic cp 1243-7 lte eu	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1200 cp 1243-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus s7-1200 cp 1243-1 rail	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1543-1	scope:	lt	version:	3.0.22	Trust: 1.0
vendor:	siemens	model:	siplus net cp 1242-7 v2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1243-7 lte us	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1242-7 v2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 1243-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siplus net cp 1543-1	scope:	lt	version:	3.0.22	Trust: 1.0
vendor:	siemens	model:	simatic cp 1243-8 irc	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1242-7v2	Trust: 0.6
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1243-1	Trust: 0.6
vendor:	siemens	model:	simatic cp lte eu	scope:	eq	version:	1243-7	Trust: 0.6
vendor:	siemens	model:	simatic cp lte us	scope:	eq	version:	1243-7	Trust: 0.6
vendor:	siemens	model:	simatic cp irc	scope:	eq	version:	1243-8	Trust: 0.6
vendor:	siemens	model:	simatic cp	scope:	eq	version:	1543-1<3.0.22	Trust: 0.6
vendor:	siemens	model:	siplus net cp	scope:	eq	version:	1242-7v2	Trust: 0.6
vendor:	siemens	model:	siplus net cp	scope:	eq	version:	1543-1<3.0.22	Trust: 0.6
vendor:	siemens	model:	siplus s7-1200 cp	scope:	eq	version:	1243-1	Trust: 0.6
vendor:	siemens	model:	siplus s7-1200 cp rail	scope:	eq	version:	1243-1	Trust: 0.6

sources: CNVD: CNVD-2022-51636 // NVD: CVE-2022-34819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34819
value:	CRITICAL
Trust: 1.0
productcert@siemens.com:	CVE-2022-34819
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2022-51636
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202207-904
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2022-34819
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-34819
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-51636
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-34819
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819 // CNNVD: CNNVD-202207-904 // NVD: CVE-2022-34819 // NVD: CVE-2022-34819

PROBLEMTYPE DATA

problemtype:	CWE-122	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2022-34819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-904

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-904

PATCH

title:	Patch for Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/339686	Trust: 0.6
title:	Multiple Siemens Product Buffer Error Vulnerability Fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=228950	Trust: 0.6

sources: CNVD: CNVD-2022-51636 // CNNVD: CNNVD-202207-904

EXTERNAL IDS

db:	SIEMENS	id:	SSA-517377	Trust: 2.3
db:	NVD	id:	CVE-2022-34819	Trust: 2.3
db:	ICS CERT	id:	ICSA-22-195-12	Trust: 0.7
db:	CNVD	id:	CNVD-2022-51636	Trust: 0.6
db:	CS-HELP	id:	SB2022071333	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-904	Trust: 0.6
db:	VULMON	id:	CVE-2022-34819	Trust: 0.1

sources: CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819 // CNNVD: CNNVD-202207-904 // NVD: CVE-2022-34819

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/html/ssa-517377.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071333	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-34819/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/122.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12	Trust: 0.1

sources: CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819 // CNNVD: CNNVD-202207-904 // NVD: CVE-2022-34819

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202207-904

SOURCES

db:	CNVD	id:	CNVD-2022-51636
db:	VULMON	id:	CVE-2022-34819
db:	CNNVD	id:	CNNVD-202207-904
db:	NVD	id:	CVE-2022-34819

LAST UPDATE DATE

2024-08-14T12:14:15.137000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-51636	date:	2022-07-15T00:00:00
db:	VULMON	id:	CVE-2022-34819	date:	2023-03-14T00:00:00
db:	CNNVD	id:	CNNVD-202207-904	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2022-34819	date:	2023-03-14T10:15:21.217

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-51636	date:	2022-07-15T00:00:00
db:	VULMON	id:	CVE-2022-34819	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-904	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-34819	date:	2022-07-12T10:15:12.293