ID
VAR-202212-1142
CVE
CVE-2022-46351
TITLE
Resource Exhaustion Vulnerability in Multiple Siemens Products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). 6gk5204-0ba00-2mb2 firmware, 6gk5204-0ba00-2kb2 firmware, 6gk5204-0bs00-2na3 Multiple Siemens products such as firmware contain a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The SCALANCE X-204RNA Industrial Ethernet Access Points enable non-PRP end devices to be connected to separate parallel networks if required
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance x204rna eec | scope: | lt | version: | v3.2.7 | Trust: 1.8 |
| vendor: | siemens | model: | scalance x204rna | scope: | lt | version: | v3.2.7 | Trust: 1.2 |
| vendor: | siemens | model: | 6gk5204-0ba00-2mb2 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0bs00-2na3 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0ba00-2kb2 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0bs00-3pa3 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | siemens | model: | 6gk5204-0bs00-3la3 | scope: | lt | version: | 3.2.7 | Trust: 1.0 |
| vendor: | シーメンス | model: | 6gk5204-0bs00-2na3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0bs00-3pa3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0bs00-3la3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0ba00-2mb2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | 6gk5204-0ba00-2kb2 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.0 |
| problemtype: | Resource exhaustion (CWE-400) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
resource management error
Trust: 0.6
PATCH
| title: | Patch for Siemens SCALANCE X-200RNA Switch Devices Uncontrolled Resource Consumption Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/372301 | Trust: 0.6 |
| title: | Siemens SCALANCE Series Remediation of resource management error vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=217824 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-46351 | Trust: 3.8 |
| db: | SIEMENS | id: | SSA-363821 | Trust: 3.0 |
| db: | ICS CERT | id: | ICSA-22-349-02 | Trust: 1.4 |
| db: | JVN | id: | JVNVU91561630 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-023297 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-87968 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202212-3079 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu91561630/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-46351 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-02 | Trust: 0.8 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-363821.html | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-46351/ | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-349-02 | Trust: 0.6 |
CREDITS
Siemens reported these vulnerabilities to CISA.
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2022-87968 |
| db: | JVNDB | id: | JVNDB-2022-023297 |
| db: | CNNVD | id: | CNNVD-202212-3079 |
| db: | NVD | id: | CVE-2022-46351 |
LAST UPDATE DATE
2024-08-14T12:55:47.046000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-87968 | date: | 2022-12-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-023297 | date: | 2023-11-28T03:13:00 |
| db: | CNNVD | id: | CNNVD-202212-3079 | date: | 2022-12-19T00:00:00 |
| db: | NVD | id: | CVE-2022-46351 | date: | 2022-12-15T21:05:03.147 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-87968 | date: | 2022-12-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-023297 | date: | 2023-11-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202212-3079 | date: | 2022-12-13T00:00:00 |
| db: | NVD | id: | CVE-2022-46351 | date: | 2022-12-13T16:15:25.730 |