Vulnerability-Lookup

CVE-2022-43768 (GCVE-0-2022-43768)

Vulnerability from cvelistv5 – Published: 2023-04-11 09:02 – Updated: 2025-02-07 16:51

Summary

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…
	https://cert-portal.siemens.com/productcert/html/…
	https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

SIMATIC CP 1242-7 V2

Affected: 0 , < V3.4.29 (custom)

Siemens	SIMATIC CP 1243-1	Affected: 0 , < V3.4.29 (custom)
Siemens	SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)	Affected: 0 , < V3.4.29 (custom)
Siemens	SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)	Affected: 0 , < V3.4.29 (custom)
Siemens	SIMATIC CP 1243-7 LTE EU	Affected: 0 , < V3.4.29 (custom)
Siemens	SIMATIC CP 1243-7 LTE US	Affected: 0 , < V3.4.29 (custom)
Siemens	SIMATIC CP 1243-8 IRC	Affected: 0 , < V3.4.29 (custom)
Siemens	SIMATIC CP 1542SP-1	Affected: 0 , < V2.3 (custom)
Siemens	SIMATIC CP 1542SP-1 IRC	Affected: 0 , < V2.3 (custom)
Siemens	SIMATIC CP 1543SP-1	Affected: 0 , < V2.3 (custom)
Siemens	SIMATIC CP 443-1	Affected: 0 , < V3.3 (custom)
Siemens	SIMATIC CP 443-1	Affected: 0 , < V3.3 (custom)
Siemens	SIMATIC CP 443-1 Advanced	Affected: 0 , < V3.3 (custom)
Siemens	SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL	Affected: 0 , < V2.3 (custom)
Siemens	SIPLUS ET 200SP CP 1543SP-1 ISEC	Affected: 0 , < V2.3 (custom)
Siemens	SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL	Affected: 0 , < V2.3 (custom)
Siemens	SIPLUS NET CP 1242-7 V2	Affected: 0 , < V3.4.29 (custom)
Siemens	SIPLUS NET CP 443-1	Affected: 0 , < V3.3 (custom)
Siemens	SIPLUS NET CP 443-1 Advanced	Affected: 0 , < V3.3 (custom)
Siemens	SIPLUS S7-1200 CP 1243-1	Affected: 0 , < V3.4.29 (custom)
Siemens	SIPLUS S7-1200 CP 1243-1 RAIL	Affected: 0 , < V3.4.29 (custom)
Siemens	SIPLUS TIM 1531 IRC	Affected: 0 , < V2.3.6 (custom)
Siemens	TIM 1531 IRC	Affected: 0 , < V2.3.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T16:50:58.868618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-07T16:51:07.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-7 LTE US",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1243-8 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1542SP-1 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1543SP-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 1242-7 V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS NET CP 443-1 Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1200 CP 1243-1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.4.29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.3.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:33:34.861Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-43768",
    "datePublished": "2023-04-11T09:02:51.623Z",
    "dateReserved": "2022-10-26T11:27:16.347Z",
    "dateUpdated": "2025-02-07T16:51:07.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-139628.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-566905.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:40:06.422Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43768\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T16:50:58.868618Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T16:50:50.408Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1242-7 V2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-7 LTE EU\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-7 LTE US\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1243-8 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1542SP-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1542SP-1 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 1543SP-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 443-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 443-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC CP 443-1 Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CP 1543SP-1 ISEC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 1242-7 V2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 443-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS NET CP 443-1 Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CP 1243-1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1200 CP 1243-1 RAIL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.4.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS TIM 1531 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"TIM 1531 IRC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.3.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-139628.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-566905.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2024-09-10T09:33:34.861Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-43768\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T16:51:07.850Z\", \"dateReserved\": \"2022-10-26T11:27:16.347Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2023-04-11T09:02:51.623Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0298

Vulnerability from certfr_avis - Published: 2023-04-11 - Updated: 2023-04-11

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1
Siemens	N/A	TIA Portal V18 versions antérieures à V18 Update 1
Siemens	N/A	TeleControl Server Basic V3
Siemens	N/A	Polarion ALM versions antérieures à V2304.0
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	TIA Portal V15, V16 et V17
Siemens	N/A	JT2Go versions antérieures à V14.2.0.2
Siemens	N/A	De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète
Siemens	N/A	SIMATIC S7-400 PN/DP CPU family
Siemens	N/A	Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13
Siemens	N/A	Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1
Siemens	N/A	Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1
Siemens	N/A	SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17
Siemens	N/A	SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53
Siemens	N/A	Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5
Siemens	N/A	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2
Siemens	N/A	JT Open versions antérieures à V11.3.2.0
Siemens	N/A	Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2
Siemens	N/A	Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1
Siemens	N/A	JT Utilities versions antérieures à V13.3.0.0
Siemens	N/A	Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9
Siemens	N/A	OpenPCS 7 V9.1
Siemens	N/A	SIMATIC S7-300 CPU family versions antérieures à V3.X.18
Siemens	N/A	Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7

References

Title

Publication Time

GHSA-WXPJ-F564-69X8

Vulnerability from github – Published: 2023-04-11 12:30 – Updated: 2024-06-11 09:30

Details

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-11T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions \u003c V2.3.6), TIM 1531 IRC (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.",
  "id": "GHSA-wxpj-f564-69x8",
  "modified": "2024-06-11T09:30:53Z",
  "published": "2023-04-11T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43768"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-43768

Vulnerability from fkie_nvd - Published: 2023-04-11 10:15 - Updated: 2024-11-21 07:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-139628.html
productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-566905.html
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/html/ssa-139628.html
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/html/ssa-566905.html
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	simatic_cp_1242-7_v2_firmware	*
siemens	simatic_cp_1242-7_v2	-
siemens	simatic_cp_1243-1_firmware	*
siemens	simatic_cp_1243-1	-
siemens	simatic_cp_1243-1_dnp3_firmware	*
siemens	simatic_cp_1243-1_dnp3	-
siemens	simatic_cp_1243-1_iec_firmware	*
siemens	simatic_cp_1243-1_iec	-
siemens	simatic_cp_1243-7_lte_eu_firmware	*
siemens	simatic_cp_1243-7_lte_eu	-
siemens	simatic_cp_1243-7_lte_us_firmware	*
siemens	simatic_cp_1243-7_lte_us	-
siemens	simatic_cp_1243-8_irc_firmware	*
siemens	simatic_cp_1243-8_irc	-
siemens	simatic_cp_1542sp-1_firmware	*
siemens	simatic_cp_1542sp-1	-
siemens	simatic_cp_1542sp-1_irc_firmware	*
siemens	simatic_cp_1542sp-1_irc	-
siemens	simatic_cp_1543sp-1_firmware	*
siemens	simatic_cp_1543sp-1	-
siemens	simatic_cp_443-1_firmware	*
siemens	simatic_cp_443-1	-
siemens	simatic_cp_443-1_advanced_firmware	*
siemens	simatic_cp_443-1_advanced	-
siemens	simatic_ipc_diagbase_firmware	*
siemens	simatic_ipc_diagbase	-
siemens	simatic_ipc_diagmonitor_firmware	*
siemens	simatic_ipc_diagmonitor	-
siemens	siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware	*
siemens	siplus_et_200sp_cp_1542sp-1_irc_tx_rail	-
siemens	siplus_et_200sp_cp_1543sp-1_isec_firmware	*
siemens	siplus_et_200sp_cp_1543sp-1_isec	-
siemens	siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware	*
siemens	siplus_et_200sp_cp_1543sp-1_isec_tx_rail	-
siemens	siplus_net_cp_1242-7_v2_firmware	*
siemens	siplus_net_cp_1242-7_v2	-
siemens	siplus_net_cp_443-1_firmware	*
siemens	siplus_net_cp_443-1	-
siemens	siplus_net_cp_443-1_advanced_firmware	*
siemens	siplus_net_cp_443-1_advanced	-
siemens	siplus_s7-1200_cp_1243-1_firmware	*
siemens	siplus_s7-1200_cp_1243-1	-
siemens	siplus_s7-1200_cp_1243-1_rail_firmware	*
siemens	siplus_s7-1200_cp_1243-1_rail	-
siemens	siplus_tim_1531_irc_firmware	*
siemens	siplus_tim_1531_irc	-
siemens	tim_1531_irc_firmware	*
siemens	tim_1531_irc	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "840C5C25-1E34-42FA-8221-7232622C204F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29D4C72C-4E84-4563-9D66-5C641AB996BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFBFB96-1A35-4724-831B-68E3A9C32921",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE96226-A2DF-4A9E-8CBB-8D7CF328E404",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "651C66E8-B3C0-4E88-BC7C-30BF16A7F7A3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9224A6-8A35-4F4F-951F-5B24B89E5FC8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A45F37-1E7D-4748-ADAC-EC4C454B693A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F51B86-57EE-4DB6-B038-06726BC93D2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8648EF79-043D-48DE-B9F8-BF762862EE99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C8B5C37-200C-4531-8876-3E05F3DE3EC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "843A8686-5172-4782-BB97-B5D3C6FB27A3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDA714C-5851-4E35-806F-E0C651A1E87A",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F58423D0-954E-426E-9F8F-3DD95FBDF50C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "418A9C80-BEFD-4A1F-B1BB-6C45A9267A44",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E478FE71-32D1-4FE4-8AC9-1C898EFFD0B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc_diagbase_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "530FD06D-E020-4EB3-87DD-F7B2FEE58008",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8784BA58-12BF-4F1C-94D6-2D15933703C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91371CD0-EBDF-43C5-A262-A46E1C343716",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E06833-4C26-40AC-B6CF-F7D1322462D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE009635-7EC7-4A2F-B1FA-DD75213A25CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3E5DDA-1BD4-4511-A2C8-4B5D40E6755E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9054A7B6-9569-4D65-9695-A0FFA4F56C74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60FC550-A518-46BF-9124-E21DD654981C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F488C27-C8B9-4238-8409-AB7ACA3BC849",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25634AD2-2CC0-45AF-B5DE-39D30CBA91A4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE26E32-47C0-4976-A23A-07C1AE318C35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "116E84DA-31F7-4AAC-A1AE-491C4C98BD49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_net_cp_443-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45B95689-C355-4CF1-AE7A-0860E4CEA11A",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_net_cp_443-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F04D79-5815-4D36-8AA5-4866751D0DDB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_net_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94CC55CF-9BA3-4BE7-9654-F6B6C4F0DA62",
              "versionEndExcluding": "3.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2498071A-6540-4147-8D01-3B81A5CE9A57",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E700BF4C-64B1-455C-A6A6-3E4D71FB91B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E746CF-4009-4A14-8916-A9E0276CAF8B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3C83EF-5D93-4F0B-80F9-997261F3DBA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A294530-727C-4535-8B02-668DF74587D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siplus_tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C616E50-1F96-4A87-8470-1BA8732FCB77",
              "versionEndExcluding": "2.3.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "074FDC9C-CB36-4C67-82C8-1B930FF1269F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4646AF8C-B871-4F9E-85A4-ECE8F13AFB21",
              "versionEndExcluding": "2.3.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions \u003c V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions \u003c V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions \u003c V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions \u003c V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
    }
  ],
  "id": "CVE-2022-43768",
  "lastModified": "2024-11-21T07:27:11.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-04-11T10:15:17.617",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2023-35759

Vulnerability from cnvd - Published: 2023-05-10

Title

多款Siemens产品拒绝服务漏洞（CNVD-2023-35759）

Description

Siemens SIMATIC IPC DiagMonitor是德国西门子（Siemens）公司的一套系统监控和故障诊断软件。SIMATIC CP 1242-7和CP 1243-7 LTE通信处理器将SIMATIC S7-1200控制器连接到广域网（WAN）。它们提供集成的安全功能，如防火墙、虚拟专用网络（VPN）以及对其他数据加密协议的支持。SIMATIC CP 1243-8 IRC通信处理器通过SINAUT ST7遥控协议将SIMATIC S7-1200控制器连接到控制中心或ST7主站。多款Siemens产品存在拒绝服务漏洞，攻击者可利用该漏洞导致受影响产品的Web服务器出现拒绝服务的情况。

Severity

高

Patch Name

多款Siemens产品拒绝服务漏洞（CNVD-2023-35759）的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf

Impacted products

Name
['Siemens SIMATIC IPC DiagMonitor', 'Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)', 'Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)', 'Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)', 'Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)', 'Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)', 'Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0)', 'Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)', 'Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)', 'SIEMENS SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) <V3.3', 'SIEMENS SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) <V3.3', 'SIEMENS SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) <V3.3', 'SIEMENS SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) null', 'SIEMENS SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) null', 'SIEMENS SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) null', 'Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) null', 'Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) null', 'SIEMENS SIMATIC IPC DiagBase null', 'SIEMENS SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL(6AG2542-6VX00-4XE0) null', 'SIEMENS SIPLUS ET 200SP CP 1543SP-1 ISEC(6AG1543-6WX00-7XE0) null', 'SIEMENS SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL(6AG2543-6WX00-4XE0) null', 'SIEMENS SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) <V3.3', 'SIEMENS SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) <V3.3l', 'Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) <V2.3.6', 'Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) <V2.3.6']

Name

['Siemens SIMATIC IPC DiagMonitor', 'Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)', 'Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)', 'Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)', 'Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)', 'Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)', 'Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0)', 'Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)', 'Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)', 'SIEMENS SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) <V3.3', 'SIEMENS SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) <V3.3', 'SIEMENS SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) <V3.3', 'SIEMENS SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) null', 'SIEMENS SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) null', 'SIEMENS SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) null', 'Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) null', 'Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) null', 'SIEMENS SIMATIC IPC DiagBase null', 'SIEMENS SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL(6AG2542-6VX00-4XE0) null', 'SIEMENS SIPLUS ET 200SP CP 1543SP-1 ISEC(6AG1543-6WX00-7XE0) null', 'SIEMENS SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL(6AG2543-6WX00-4XE0) null', 'SIEMENS SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) <V3.3', 'SIEMENS SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) <V3.3l', 'Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) <V2.3.6', 'Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) <V2.3.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-43768",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-43768"
    }
  },
  "description": "Siemens SIMATIC IPC DiagMonitor\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u7cfb\u7edf\u76d1\u63a7\u548c\u6545\u969c\u8bca\u65ad\u8f6f\u4ef6\u3002SIMATIC CP 1242-7\u548cCP 1243-7 LTE\u901a\u4fe1\u5904\u7406\u5668\u5c06SIMATIC S7-1200\u63a7\u5236\u5668\u8fde\u63a5\u5230\u5e7f\u57df\u7f51\uff08WAN\uff09\u3002\u5b83\u4eec\u63d0\u4f9b\u96c6\u6210\u7684\u5b89\u5168\u529f\u80fd\uff0c\u5982\u9632\u706b\u5899\u3001\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u4ee5\u53ca\u5bf9\u5176\u4ed6\u6570\u636e\u52a0\u5bc6\u534f\u8bae\u7684\u652f\u6301\u3002SIMATIC CP 1243-8 IRC\u901a\u4fe1\u5904\u7406\u5668\u901a\u8fc7SINAUT ST7\u9065\u63a7\u534f\u8bae\u5c06SIMATIC S7-1200\u63a7\u5236\u5668\u8fde\u63a5\u5230\u63a7\u5236\u4e2d\u5fc3\u6216ST7\u4e3b\u7ad9\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u4ea7\u54c1\u7684Web\u670d\u52a1\u5668\u51fa\u73b0\u62d2\u7edd\u670d\u52a1\u7684\u60c5\u51b5\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-35759",
  "openTime": "2023-05-10",
  "patchDescription": "Siemens SIMATIC IPC DiagMonitor\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u7cfb\u7edf\u76d1\u63a7\u548c\u6545\u969c\u8bca\u65ad\u8f6f\u4ef6\u3002SIMATIC CP 1242-7\u548cCP 1243-7 LTE\u901a\u4fe1\u5904\u7406\u5668\u5c06SIMATIC S7-1200\u63a7\u5236\u5668\u8fde\u63a5\u5230\u5e7f\u57df\u7f51\uff08WAN\uff09\u3002\u5b83\u4eec\u63d0\u4f9b\u96c6\u6210\u7684\u5b89\u5168\u529f\u80fd\uff0c\u5982\u9632\u706b\u5899\u3001\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u4ee5\u53ca\u5bf9\u5176\u4ed6\u6570\u636e\u52a0\u5bc6\u534f\u8bae\u7684\u652f\u6301\u3002SIMATIC CP 1243-8 IRC\u901a\u4fe1\u5904\u7406\u5668\u901a\u8fc7SINAUT ST7\u9065\u63a7\u534f\u8bae\u5c06SIMATIC S7-1200\u63a7\u5236\u5668\u8fde\u63a5\u5230\u63a7\u5236\u4e2d\u5fc3\u6216ST7\u4e3b\u7ad9\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u4ea7\u54c1\u7684Web\u670d\u52a1\u5668\u51fa\u73b0\u62d2\u7edd\u670d\u52a1\u7684\u60c5\u51b5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2023-35759\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC IPC DiagMonitor",
      "Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)",
      "Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)",
      "Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)",
      "Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)",
      "Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)",
      "Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0)",
      "Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)",
      "Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)",
      "SIEMENS SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) \u003cV3.3",
      "SIEMENS SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) \u003cV3.3",
      "SIEMENS SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) \u003cV3.3",
      "SIEMENS SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) null",
      "SIEMENS SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) null",
      "SIEMENS SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) null",
      "Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) null",
      "Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) null",
      "SIEMENS SIMATIC IPC DiagBase null",
      "SIEMENS SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL(6AG2542-6VX00-4XE0) null",
      "SIEMENS SIPLUS ET 200SP CP 1543SP-1 ISEC(6AG1543-6WX00-7XE0) null",
      "SIEMENS SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL(6AG2543-6WX00-4XE0) null",
      "SIEMENS SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) \u003cV3.3",
      "SIEMENS SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) \u003cV3.3l",
      "Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) \u003cV2.3.6",
      "Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) \u003cV2.3.6"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2023-04-16",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2023-35759\uff09"
}

GSD-2022-43768

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Aliases

CVE-2022-43768

Aliases

CVE-2022-43768

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43768",
    "id": "GSD-2022-43768"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43768"
      ],
      "details": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions \u003c V2.3.6), TIM 1531 IRC (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.",
      "id": "GSD-2022-43768",
      "modified": "2023-12-13T01:19:31.634611Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2022-43768",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SIMATIC CP 1242-7 V2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1243-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1243-7 LTE EU",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1243-7 LTE US",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1243-8 IRC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1542SP-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1542SP-1 IRC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 1543SP-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 443-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V3.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V3.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIMATIC CP 443-1 Advanced",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V3.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS NET CP 1242-7 V2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS NET CP 443-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V3.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS NET CP 443-1 Advanced",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V3.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS S7-1200 CP 1243-1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS S7-1200 CP 1243-1 RAIL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SIPLUS TIM 1531 IRC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V2.3.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "TIM 1531 IRC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V2.3.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions \u003c V2.3.6), TIM 1531 IRC (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-770",
                "lang": "eng",
                "value": "CWE-770: Allocation of Resources Without Limits or Throttling"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_advanced:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc_diagbase_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_443-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_443-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siplus_tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.3.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.3.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-43768"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 (All versions \u003c V3.3), SIMATIC CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions \u003c V3.3), SIPLUS NET CP 443-1 Advanced (All versions \u003c V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions \u003c V2.3.6), TIM 1531 IRC (All versions \u003c V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-05-09T13:15Z",
      "publishedDate": "2023-04-11T10:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-43768 (GCVE-0-2022-43768)

CERTFR-2023-AVI-0298

Solution

GHSA-WXPJ-F564-69X8

FKIE_CVE-2022-43768

CNVD-2023-35759

GSD-2022-43768

Tags

Sightings

Nomenclature