Details of VAR-202212-1301

ID

VAR-202212-1301

CVE

CVE-2022-45044

TITLE

Resource Exhaustion Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023451

DESCRIPTION

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack. SIPROTEC 5 6MD85 firmware, SIPROTEC 5 6MD86 firmware, SIPROTEC 5 6MD89 Multiple Siemens products such as firmware contain a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other application areas. There is a denial of service vulnerability in Siemens SIPROTEC 5 Devices

Trust: 2.16

sources: NVD: CVE-2022-45044 // JVNDB: JVNDB-2022-023451 // CNVD: CNVD-2022-89763

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-89763

AFFECTED PRODUCTS

vendor:	siemens	model:	siprotec 6md85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 6md86 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7ke85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sa82 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sa86 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sa87 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sd82 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sd86 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sd87 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sj81 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sj82 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sj85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sj86 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sk82 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sk85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sl82 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7sl86 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7vk87 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7ut87 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7ut86 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7ut85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7ut82 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7st85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 7ss85 devices	scope:	eq	version:	5	Trust: 1.2
vendor:	siemens	model:	siprotec 5 6md86	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa82	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa86	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl86	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ve85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ke85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sk82	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 communication module ethbb2fo	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6mu85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 communication module ethba2el	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl82	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sl87	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj86	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sk85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj82	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut87	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 compact 7sx800	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sx85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ss85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut82	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd82	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7st85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 6md89	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd86	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7um85	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 communication module ethbd2fo	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7ut86	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7vk87	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sd87	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sj81	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siprotec 5 7sa87	scope:	eq	version:	-	Trust: 1.0
vendor:	シーメンス	model:	siprotec 5 6md89	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sd87	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sa82	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sd86	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6md85	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sa86	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6mu85	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sa87	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7ke85	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 6md86	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5 7sd82	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	siprotec 6md89 devices	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec 6mu85 devices	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec communication module eth-bd-2fo	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec communication module eth-bb-2fo	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec communication module eth-ba-2el	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec 7ve85 devices	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec 7um85 devices	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec 7sx85 devices	scope:	eq	version:	5	Trust: 0.6
vendor:	siemens	model:	siprotec 7sl87 devices	scope:	eq	version:	5	Trust: 0.6

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // NVD: CVE-2022-45044

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-45044
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-45044
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-023451
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-89763
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202212-3096
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-89763
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

productcert@siemens.com:	CVE-2022-45044
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-45044
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-023451
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // CNNVD: CNNVD-202212-3096 // NVD: CVE-2022-45044 // NVD: CVE-2022-45044

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023451 // NVD: CVE-2022-45044

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3096

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3096

PATCH

title:	Patch for Siemens SIPROTEC 5 Devices Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/380796	Trust: 0.6
title:	Siemens SIPROTEC 5 Remediation of resource management error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=236709	Trust: 0.6

sources: CNVD: CNVD-2022-89763 // CNNVD: CNNVD-202212-3096

EXTERNAL IDS

db:	NVD	id:	CVE-2022-45044	Trust: 3.8
db:	SIEMENS	id:	SSA-552874	Trust: 3.0
db:	ICS CERT	id:	ICSA-22-349-11	Trust: 0.8
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023451	Trust: 0.8
db:	CNVD	id:	CNVD-2022-89763	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3096	Trust: 0.6

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // CNNVD: CNNVD-202212-3096 // NVD: CVE-2022-45044

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/html/ssa-552874.html	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-45044	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-11	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-45044/	Trust: 0.6

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // CNNVD: CNNVD-202212-3096 // NVD: CVE-2022-45044

SOURCES

db:	CNVD	id:	CNVD-2022-89763
db:	JVNDB	id:	JVNDB-2022-023451
db:	CNNVD	id:	CNNVD-202212-3096
db:	NVD	id:	CVE-2022-45044

LAST UPDATE DATE

2024-08-14T13:13:42.544000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-89763	date:	2022-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-023451	date:	2023-11-29T01:20:00
db:	CNNVD	id:	CNNVD-202212-3096	date:	2023-05-10T00:00:00
db:	NVD	id:	CVE-2022-45044	date:	2024-05-14T16:15:27.180

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-89763	date:	2022-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-023451	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3096	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-45044	date:	2022-12-13T16:15:24.617