ID

VAR-202212-1301


CVE

CVE-2022-45044


TITLE

Resource Exhaustion Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023451

DESCRIPTION

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack. SIPROTEC 5 6MD85 firmware, SIPROTEC 5 6MD86 firmware, SIPROTEC 5 6MD89 Multiple Siemens products such as firmware contain a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other application areas. There is a denial of service vulnerability in Siemens SIPROTEC 5 Devices

Trust: 2.16

sources: NVD: CVE-2022-45044 // JVNDB: JVNDB-2022-023451 // CNVD: CNVD-2022-89763

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-89763

AFFECTED PRODUCTS

vendor:siemensmodel:siprotec 6md85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 6md86 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7ke85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sa82 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sa86 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sa87 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sd82 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sd86 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sd87 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sj81 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sj82 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sj85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sj86 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sk82 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sk85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sl82 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7sl86 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7vk87 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7ut87 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7ut86 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7ut85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7ut82 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7st85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 7ss85 devicesscope:eqversion:5

Trust: 1.2

vendor:siemensmodel:siprotec 5 6md86scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa82scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa86scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl86scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ve85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ke85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sk82scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 communication module ethbb2foscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 6mu85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 communication module ethba2elscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl82scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sl87scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj86scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sk85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj82scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut87scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 compact 7sx800scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sx85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ss85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut82scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd82scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7st85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 6md89scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd86scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7um85scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 communication module ethbd2foscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7ut86scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7vk87scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sd87scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sj81scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 7sa87scope:eqversion: -

Trust: 1.0

vendor:シーメンスmodel:siprotec 5 6md89scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd87scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa82scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6mu85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sa87scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7ke85scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 6md86scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5 7sd82scope: - version: -

Trust: 0.8

vendor:siemensmodel:siprotec 6md89 devicesscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec 6mu85 devicesscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec communication module eth-bd-2foscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec communication module eth-bb-2foscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec communication module eth-ba-2elscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec 7ve85 devicesscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec 7um85 devicesscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec 7sx85 devicesscope:eqversion:5

Trust: 0.6

vendor:siemensmodel:siprotec 7sl87 devicesscope:eqversion:5

Trust: 0.6

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // NVD: CVE-2022-45044

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-45044
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-45044
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-023451
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-89763
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202212-3096
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-89763
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2022-45044
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-45044
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-023451
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // CNNVD: CNNVD-202212-3096 // NVD: CVE-2022-45044 // NVD: CVE-2022-45044

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023451 // NVD: CVE-2022-45044

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3096

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3096

PATCH

title:Patch for Siemens SIPROTEC 5 Devices Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/380796

Trust: 0.6

title:Siemens SIPROTEC 5 Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=236709

Trust: 0.6

sources: CNVD: CNVD-2022-89763 // CNNVD: CNNVD-202212-3096

EXTERNAL IDS

db:NVDid:CVE-2022-45044

Trust: 3.8

db:SIEMENSid:SSA-552874

Trust: 3.0

db:ICS CERTid:ICSA-22-349-11

Trust: 0.8

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNDBid:JVNDB-2022-023451

Trust: 0.8

db:CNVDid:CNVD-2022-89763

Trust: 0.6

db:CNNVDid:CNNVD-202212-3096

Trust: 0.6

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // CNNVD: CNNVD-202212-3096 // NVD: CVE-2022-45044

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/html/ssa-552874.html

Trust: 1.6

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45044

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-11

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-45044/

Trust: 0.6

sources: CNVD: CNVD-2022-89763 // JVNDB: JVNDB-2022-023451 // CNNVD: CNNVD-202212-3096 // NVD: CVE-2022-45044

SOURCES

db:CNVDid:CNVD-2022-89763
db:JVNDBid:JVNDB-2022-023451
db:CNNVDid:CNNVD-202212-3096
db:NVDid:CVE-2022-45044

LAST UPDATE DATE

2024-08-14T13:13:42.544000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-89763date:2022-12-26T00:00:00
db:JVNDBid:JVNDB-2022-023451date:2023-11-29T01:20:00
db:CNNVDid:CNNVD-202212-3096date:2023-05-10T00:00:00
db:NVDid:CVE-2022-45044date:2024-05-14T16:15:27.180

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-89763date:2022-12-26T00:00:00
db:JVNDBid:JVNDB-2022-023451date:2023-11-29T00:00:00
db:CNNVDid:CNNVD-202212-3096date:2022-12-13T00:00:00
db:NVDid:CVE-2022-45044date:2022-12-13T16:15:24.617