Sign-up

ID

VAR-202212-1161


CVE

CVE-2022-43723


TITLE

Siemens SICAM PAS/PQS input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-89760 // CNNVD: CNNVD-202212-3101

DESCRIPTION

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Siemens' sicam pas/pqs There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Siemens SICAM PAS/PQS is a software of Siemens with an operating system for energy automation and power quality

Trust: 2.25

sources: NVD: CVE-2022-43723 // JVNDB: JVNDB-2022-023209 // CNVD: CNVD-2022-89760 // VULHUB: VHN-440860

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-89760

AFFECTED PRODUCTS

vendor:siemensmodel:sicam pas\/pqsscope:ltversion:8.06

Trust: 1.0

vendor:siemensmodel:sicam pas\/pqsscope:gteversion:7.0

Trust: 1.0

vendor:シーメンスmodel:sicam pas/pqsscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sicam pas/pqsscope:eqversion:7.0 that's all 8.06

Trust: 0.8

vendor:シーメンスmodel:sicam pas/pqsscope: - version: -

Trust: 0.8

vendor:siemensmodel:sicam pas/pqsscope:ltversion:v7.0

Trust: 0.6

vendor:siemensmodel:sicam pas/pqsscope:gteversion:7.0,<v8.06

Trust: 0.6

sources: CNVD: CNVD-2022-89760 // JVNDB: JVNDB-2022-023209 // NVD: CVE-2022-43723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-43723
value: HIGH

Trust: 1.0

NVD: CVE-2022-43723
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-89760
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202212-3101
value: HIGH

Trust: 0.6

CNVD: CNVD-2022-89760
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-43723
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-43723
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-89760 // JVNDB: JVNDB-2022-023209 // CNNVD: CNNVD-202212-3101 // NVD: CVE-2022-43723

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-1287

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-440860 // JVNDB: JVNDB-2022-023209 // NVD: CVE-2022-43723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3101

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3101

PATCH

title:Patch for Siemens SICAM PAS/PQS input validation error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/380776

Trust: 0.6

title:Siemens SICAM PAS/PQS Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=217840

Trust: 0.6

sources: CNVD: CNVD-2022-89760 // CNNVD: CNNVD-202212-3101

EXTERNAL IDS

db:NVDid:CVE-2022-43723

Trust: 3.9

db:SIEMENSid:SSA-849072

Trust: 3.1

db:ICS CERTid:ICSA-22-349-19

Trust: 0.8

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNDBid:JVNDB-2022-023209

Trust: 0.8

db:CNVDid:CNVD-2022-89760

Trust: 0.6

db:CNNVDid:CNNVD-202212-3101

Trust: 0.6

db:VULHUBid:VHN-440860

Trust: 0.1

sources: CNVD: CNVD-2022-89760 // VULHUB: VHN-440860 // JVNDB: JVNDB-2022-023209 // CNNVD: CNNVD-202212-3101 // NVD: CVE-2022-43723

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf

Trust: 3.1

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-43723

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-19

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-43723/

Trust: 0.6

sources: CNVD: CNVD-2022-89760 // VULHUB: VHN-440860 // JVNDB: JVNDB-2022-023209 // CNNVD: CNNVD-202212-3101 // NVD: CVE-2022-43723

SOURCES

db:CNVDid:CNVD-2022-89760
db:VULHUBid:VHN-440860
db:JVNDBid:JVNDB-2022-023209
db:CNNVDid:CNNVD-202212-3101
db:NVDid:CVE-2022-43723

LAST UPDATE DATE

2024-08-14T12:55:14.366000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-89760date:2022-12-26T00:00:00
db:VULHUBid:VHN-440860date:2022-12-15T00:00:00
db:JVNDBid:JVNDB-2022-023209date:2023-11-28T03:04:00
db:CNNVDid:CNNVD-202212-3101date:2022-12-16T00:00:00
db:NVDid:CVE-2022-43723date:2023-10-17T19:05:26.933

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-89760date:2022-12-26T00:00:00
db:VULHUBid:VHN-440860date:2022-12-13T00:00:00
db:JVNDBid:JVNDB-2022-023209date:2023-11-28T00:00:00
db:CNNVDid:CNNVD-202212-3101date:2022-12-13T00:00:00
db:NVDid:CVE-2022-43723date:2022-12-13T16:15:24.250