ID

VAR-202207-0622


CVE

CVE-2022-34819


TITLE

Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-51636

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the device.

The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support for other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support for other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware as the products on which they are based.

Trust: 1.53

sources: NVD: CVE-2022-34819 // CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-51636

AFFECTED PRODUCTS

vendor: siemens, model: simatic cp 1542sp-1 irc, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: simatic cp 1543sp-1, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: gte, version: 2.0

Trust: 1.6

vendor: siemens, model: simatic cp 1243-7 lte eu, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1 rail, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1543-1, scope: lt, version: 3.0.22

Trust: 1.0

vendor: siemens, model: siplus net cp 1242-7 v2, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-7 lte us, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1242-7 v2, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus net cp 1543-1, scope: lt, version: 3.0.22

Trust: 1.0

vendor: siemens, model: simatic cp 1243-8 irc, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp lte eu, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp lte us, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp irc, scope: eq, version: 1243-8

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1543-1<3.0.22

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1543-1<3.0.22

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp rail, scope: eq, version: 1243-1

Trust: 0.6

sources: CNVD: CNVD-2022-51636 // NVD: CVE-2022-34819

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-34819
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2022-34819
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2022-51636
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202207-904
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-34819
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-34819
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-51636
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-34819
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819 // CNNVD: CNNVD-202207-904 // NVD: CVE-2022-34819 // NVD: CVE-2022-34819

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2022-34819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-904

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-904

PATCH

title: Patch for Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/339686

Trust: 0.6

title: Multiple Siemens Product Buffer Error Vulnerability Fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=228950

Trust: 0.6

sources: CNVD: CNVD-2022-51636 // CNNVD: CNNVD-202207-904

EXTERNAL IDS

db: SIEMENS, id: SSA-517377

Trust: 2.3

db: NVD, id: CVE-2022-34819

Trust: 2.3

db: ICS CERT, id: ICSA-22-195-12

Trust: 0.7

db: CNVD, id: CNVD-2022-51636

Trust: 0.6

db: CS-HELP, id: SB2022071333

Trust: 0.6

db: CNNVD, id: CNNVD-202207-904

Trust: 0.6

db: VULMON, id: CVE-2022-34819

Trust: 0.1

sources: CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819 // CNNVD: CNNVD-202207-904 // NVD: CVE-2022-34819

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/html/ssa-517377.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071333

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-34819/

Trust: 0.6

url:https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/122.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12

Trust: 0.1

sources: CNVD: CNVD-2022-51636 // VULMON: CVE-2022-34819 // CNNVD: CNNVD-202207-904 // NVD: CVE-2022-34819

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202207-904

SOURCES

db: CNVD, id: CNVD-2022-51636
db: VULMON, id: CVE-2022-34819
db: CNNVD, id: CNNVD-202207-904
db: NVD, id: CVE-2022-34819

LAST UPDATE DATE

2024-08-14T12:14:15.137000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-51636, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-34819, date: 2023-03-14T00:00:00
db: CNNVD, id: CNNVD-202207-904, date: 2023-03-15T00:00:00
db: NVD, id: CVE-2022-34819, date: 2023-03-14T10:15:21.217

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-51636, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2022-34819, date: 2022-07-12T00:00:00
db: CNNVD, id: CNNVD-202207-904, date: 2022-07-12T00:00:00
db: NVD, id: CVE-2022-34819, date: 2022-07-12T10:15:12.293