ID

VAR-202304-0702


CVE

CVE-2022-43716


TITLE

Use of Freed Memory Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022093

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. 
Multiple Siemens products, including the SIMATIC CP 1242-7 V2 firmware, the SIMATIC CP 1243-1 firmware and SIMATIC CP 1243-1 DNP3, contain a vulnerability related to the use of freed memory. Service operation may be interrupted (DoS). Siemens SIMATIC IPC DiagMonitor is system monitoring and fault diagnosis software from Siemens of Germany. The SIMATIC CP 1242-7 and CP 1243-7 LTE communications processors connect the SIMATIC S7-1200 controllers to the wide area network (WAN). They offer integrated security features such as firewalls, virtual private networks (VPNs), and support for other data encryption protocols. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or the ST7 master station via the SINAUT ST7 remote control protocol.

Trust: 2.16

sources: NVD: CVE-2022-43716 // JVNDB: JVNDB-2022-022093 // CNVD: CNVD-2023-35756

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-35756

AFFECTED PRODUCTS

vendor: siemens, model: simatic cp, scope: eq, version: 443-1<v3.3

Trust: 1.2

vendor: siemens, model: simatic cp 1243-7 lte eu, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1542sp-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 443-1, scope: lt, version: 3.3

Trust: 1.0

vendor: siemens, model: siplus net cp 443-1 advanced, scope: lt, version: 3.3

Trust: 1.0

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic ipc diagbase, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus tim 1531 irc, scope: lt, version: 2.3.6

Trust: 1.0

vendor: siemens, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic ipc diagmonitor, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: tim 1531 irc, scope: lt, version: 2.3.6

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-1 iec, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus net cp 1242-7 v2, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus s7-1200 cp 1243-1 rail, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-7 lte us, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus net cp 443-1, scope: lt, version: 3.3

Trust: 1.0

vendor: siemens, model: simatic cp 1243-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-8 irc, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1243-1 dnp3, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1543sp-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 1542sp-1 irc, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 443-1 advanced, scope: lt, version: 3.3

Trust: 1.0

vendor: siemens, model: simatic cp 1242-7 v2, scope: eq, version: *

Trust: 1.0

vendor: シーメンス, model: simatic cp 443-1 advanced, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic ipc diagmonitor, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1243-1 dnp3, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: siplus net cp 1242-7 v2, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1542sp-1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1243-8 irc, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1243-7 lte us, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: siplus net cp 443-1 advanced, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1543sp-1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: siplus et 200sp cp 1543sp-1 isec, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 443-1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1242-7 v2, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1243-1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1243-1 iec, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: siplus net cp 443-1, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic ipc diagbase, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1542sp-1 irc, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: simatic cp 1243-7 lte eu, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic ipc diagmonitor, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: simatic cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp lte eu, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp lte us, scope: eq, version: 1243-7

Trust: 0.6

vendor: siemens, model: simatic cp irc, scope: eq, version: 1243-8

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 1242-7v2

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: siplus s7-1200 cp rail, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp advanced, scope: eq, version: 443-1<v3.3

Trust: 0.6

vendor: siemens, model: simatic cp dnp3, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp iec, scope: eq, version: 1243-1

Trust: 0.6

vendor: siemens, model: simatic cp 1542sp-1, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic cp 1542sp-1 irc, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic cp 1543sp-1, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic ipc diagbase, scope: -, version: -

Trust: 0.6

vendor: siemens, model: siplus et 200sp cp 1542sp-1 irc tx rail, scope: -, version: -

Trust: 0.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec, scope: -, version: -

Trust: 0.6

vendor: siemens, model: siplus et 200sp cp 1543sp-1 isec tx rail, scope: -, version: -

Trust: 0.6

vendor: siemens, model: siplus net cp, scope: eq, version: 443-1<v3.3

Trust: 0.6

vendor: siemens, model: siplus net cp advanced <v3.3l, scope: eq, version: 443-1

Trust: 0.6

vendor: siemens, model: siplus tim irc, scope: eq, version: 1531<v2.3.6

Trust: 0.6

vendor: siemens, model: tim irc, scope: eq, version: 1531<v2.3.6

Trust: 0.6

sources: CNVD: CNVD-2023-35756 // JVNDB: JVNDB-2022-022093 // NVD: CVE-2022-43716

CVSS

SEVERITY

productcert@siemens.com: CVE-2022-43716
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-43716
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-022093
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-35756
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202304-727
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-35756
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2022-43716
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-022093
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-35756 // JVNDB: JVNDB-2022-022093 // CNNVD: CNNVD-202304-727 // NVD: CVE-2022-43716 // NVD: CVE-2022-43716

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype:Use of freed memory (CWE-416) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022093 // NVD: CVE-2022-43716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-727

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202304-727

PATCH

title: Patch for Denial of Service Vulnerability in Several Siemens Products, url: https://www.cnvd.org.cn/patchInfo/show/424641

Trust: 0.6

title: Siemens SIMATIC CP443-1 OPC UA9 Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=233080

Trust: 0.6

sources: CNVD: CNVD-2023-35756 // CNNVD: CNNVD-202304-727

EXTERNAL IDS

db: NVD, id: CVE-2022-43716

Trust: 3.8

db: SIEMENS, id: SSA-566905

Trust: 3.0

db: SIEMENS, id: SSA-139628

Trust: 1.0

db: ICS CERT, id: ICSA-23-103-10

Trust: 0.8

db: JVN, id: JVNVU94715153

Trust: 0.8

db: JVNDB, id: JVNDB-2022-022093

Trust: 0.8

db: CNVD, id: CNVD-2023-35756

Trust: 0.6

db: AUSCERT, id: ESB-2023.2159

Trust: 0.6

db: CNNVD, id: CNNVD-202304-727

Trust: 0.6

sources: CNVD: CNVD-2023-35756 // JVNDB: JVNDB-2022-022093 // CNNVD: CNNVD-202304-727 // NVD: CVE-2022-43716

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf

Trust: 3.0

url:https://cert-portal.siemens.com/productcert/html/ssa-139628.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-566905.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu94715153/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-43716

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-10

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.2159

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-43716/

Trust: 0.6

sources: CNVD: CNVD-2023-35756 // JVNDB: JVNDB-2022-022093 // CNNVD: CNNVD-202304-727 // NVD: CVE-2022-43716

SOURCES

db: CNVD, id: CNVD-2023-35756
db: JVNDB, id: JVNDB-2022-022093
db: CNNVD, id: CNNVD-202304-727
db: NVD, id: CVE-2022-43716

LAST UPDATE DATE

2024-09-10T21:39:02.572000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-35756, date: 2023-05-10T00:00:00
db: JVNDB, id: JVNDB-2022-022093, date: 2023-11-15T06:20:00
db: CNNVD, id: CNNVD-202304-727, date: 2023-05-10T00:00:00
db: NVD, id: CVE-2022-43716, date: 2024-09-10T10:15:04.627

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-35756, date: 2023-05-10T00:00:00
db: JVNDB, id: JVNDB-2022-022093, date: 2023-11-15T00:00:00
db: CNNVD, id: CNNVD-202304-727, date: 2023-04-11T00:00:00
db: NVD, id: CVE-2022-43716, date: 2023-04-11T10:15:17.467