Details of VAR-202210-0467

ID

VAR-202210-0467

CVE

CVE-2022-40227

TITLE

Input validation vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018713

DESCRIPTION

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. simatic hmi comfort panels firmware, simatic hmi ktp400 basic firmware, simatic hmi ktp700 basic Multiple Siemens products, including firmware, contain vulnerabilities related to input validation.Service operation interruption (DoS) It may be in a state. Siemens SIMATIC HMI Comfort Panels is a touch panel device from Siemens, Germany. Several Siemens products have an input validation error vulnerability

Trust: 2.16

sources: NVD: CVE-2022-40227 // JVNDB: JVNDB-2022-018713 // CNVD: CNVD-2022-91619

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-91619

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic hmi ktp mobile panels	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp900 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp400 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp700 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi comfort panels	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp1200 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp700 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp400 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp700 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi comfort panels	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp700 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp1200 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp mobile panels	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp1200 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp400 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp900 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp1200 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp400 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	siemens	model:	siplus hmi ktp900 basic	scope:	eq	version:	17.0	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp900 basic	scope:	lt	version:	17.0	Trust: 1.0
vendor:	シーメンス	model:	simatic hmi ktp1200 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic hmi ktp900 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic hmi comfort panels	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siplus hmi ktp400 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siplus hmi ktp700 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic hmi ktp mobile panels	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siplus hmi ktp1200 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siplus hmi ktp900 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic hmi ktp700 basic	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic hmi ktp400 basic	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi comfort panels update	scope:	eq	version:	v174	Trust: 0.6
vendor:	siemens	model:	simatic hmi ktp mobile panels update	scope:	lt	version:	v174	Trust: 0.6
vendor:	siemens	model:	simatic hmi ktp1200 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	simatic hmi ktp400 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	simatic hmi ktp700 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	simatic hmi ktp900 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	siplus hmi ktp1200 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	siplus hmi ktp400 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	siplus hmi ktp700 basic update	scope:	lt	version:	v175	Trust: 0.6
vendor:	siemens	model:	siplus hmi ktp900 basic update	scope:	lt	version:	v175	Trust: 0.6

sources: CNVD: CNVD-2022-91619 // JVNDB: JVNDB-2022-018713 // NVD: CVE-2022-40227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-40227
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-40227
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-91619
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202210-446
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-91619
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-40227
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-40227
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-91619 // JVNDB: JVNDB-2022-018713 // CNNVD: CNNVD-202210-446 // NVD: CVE-2022-40227

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018713 // NVD: CVE-2022-40227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-446

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-446

PATCH

title:	Patch for Various Siemens products input validation error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/384516	Trust: 0.6
title:	Siemens SIMATIC HMI Comfort Panels Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=210554	Trust: 0.6

sources: CNVD: CNVD-2022-91619 // CNNVD: CNNVD-202210-446

EXTERNAL IDS

db:	NVD	id:	CVE-2022-40227	Trust: 3.8
db:	SIEMENS	id:	SSA-384224	Trust: 3.0
db:	ICS CERT	id:	ICSA-22-286-14	Trust: 1.4
db:	JVN	id:	JVNVU92214181	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-018713	Trust: 0.8
db:	CNVD	id:	CNVD-2022-91619	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-446	Trust: 0.6

sources: CNVD: CNVD-2022-91619 // JVNDB: JVNDB-2022-018713 // CNNVD: CNNVD-202210-446 // NVD: CVE-2022-40227

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf	Trust: 3.0
url:	https://jvn.jp/vu/jvnvu92214181/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40227	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-14	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-286-14	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-hmi-denial-of-service-via-tcp-packets-39514	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-40227/	Trust: 0.6

sources: CNVD: CNVD-2022-91619 // JVNDB: JVNDB-2022-018713 // CNNVD: CNNVD-202210-446 // NVD: CVE-2022-40227

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202210-446

SOURCES

db:	CNVD	id:	CNVD-2022-91619
db:	JVNDB	id:	JVNDB-2022-018713
db:	CNNVD	id:	CNNVD-202210-446
db:	NVD	id:	CVE-2022-40227

LAST UPDATE DATE

2024-08-14T12:18:52.673000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-91619	date:	2022-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-018713	date:	2023-10-23T02:35:00
db:	CNNVD	id:	CNNVD-202210-446	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2022-40227	date:	2022-10-14T17:07:23.703

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-91619	date:	2022-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-018713	date:	2023-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202210-446	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2022-40227	date:	2022-10-11T11:15:10.940