CVE-2022-40227

{"id": "CVE-2022-40227", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-11T11:15:10.940", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en los paneles SIMATIC HMI Comfort (incl. variantes SIPLUS) (Todas las versiones anteriores a V17 Actualizaci\u00f3n 4), SIMATIC HMI KTP Mobile Panels (Todas las versiones anteriores a V17 Actualizaci\u00f3n 4), SIMATIC HMI KTP1200 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIMATIC HMI KTP400 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIMATIC HMI KTP700 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIMATIC HMI KTP900 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP1200 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP400 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP700 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP900 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5). Los dispositivos afectados no comprueban apropiadamente la entrada enviada a determinados servicios a trav\u00e9s de TCP. Esto podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio permanente (requiriendo un reinicio del dispositivo) mediante el env\u00edo de paquetes TCP especialmente dise\u00f1ados"}], "lastModified": "2022-10-14T17:07:23.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCFD529-DCC6-42FE-8691-AE5B6695803D", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EBEE7D5-F809-4225-9A06-7206020EBFB7"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B09B136A-D79C-479F-B8C3-8205D9C07096"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "746EF905-2BE7-4D2D-A835-BD45A7EC0E20"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BACB3952-99E2-4435-9ED8-062121F64B74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BCFE761-35C9-43EF-85BC-E8083B9F75CB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB67AB83-24D3-44C7-88EB-9F86C1377FE6", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C1B107D-7299-4B35-8B8A-2C7604D7E053"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CC31D37-01CC-47BF-B914-C01D67E5F7CF"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB517965-7DEA-4F36-9F8C-CD2ACA70011E"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D445ED-DCC8-48CC-9964-99594941E0C2"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F89742F-A83A-47D4-9B7B-FC938E122374"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp400_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0222A331-0D6B-4CF0-AAC8-8874A8C2920D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AC9BB91-C4E1-4EE3-8FB6-011D81E335B2", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE0FA3D-E20D-4428-9882-04008F77D7DF"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "893C0FF7-56D7-42C5-8175-E9A220D9FD8B"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "917B4B04-4AED-45C9-AB84-6C2033666284"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5DD16C0-2E48-44F5-9702-80370285A6A7"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E521B7A5-C8BD-4CBD-8D07-7173523D9947"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp700_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8615AE0-0560-4026-89E5-9122F7846318"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F77DAF-1863-4DA7-8900-56A2C3377F56", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F4D22C3-1A81-4CC0-94EA-D4B5AEF7103C"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66CF9CE6-C351-4F55-9CEC-EF28237A6765"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A113518-2D32-4C1F-ADEA-F02A24509454"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8264F3AE-8DFF-4462-8073-BDCD45A874D4"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA5DB18E-258F-4E50-97D6-B4067F747F9C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp900_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D2CB1B6-8864-486F-B6F8-9008367C5520"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50D8577F-6CE5-4407-A875-06321EEEA38E", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BAD5042-0834-44DB-984D-BBC15F61C336"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DA5CB7-6566-4941-980A-AEE3FB303823"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C724EA7-F8D2-41A3-83D1-584980D49879"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA2E685-01A0-4CFE-B0C9-457F5EF7319F"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73087669-4164-4A95-AB5B-652032BCD204"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp1200_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF65C523-5AFA-46C4-BB97-5E540A4FAF33"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B580B36D-225C-4826-A9F7-18B98B5F6ADC", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "072043EB-B855-4F1A-A326-F135C557FC1C"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBC6C232-8DA0-46EA-9F45-6C71E43622D5"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8981B34C-287F-4121-9CF7-5F08D79D50FA"}, {"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34D094D0-A74A-4924-A969-A60E4BFC63B7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1CEB200-E38F-4629-9279-5AF065396678"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CDE46F2-DDE2-448F-9F50-324D3D5BAAAF", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3933A5FE-62D7-407D-A381-0132ECC87B95"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D306FA-B376-431E-87AE-CECBB36D579A"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D45398C-11BE-4074-B48D-2B59A1861706"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78B8C304-65CC-4AF4-8CD9-1ADC4F75FD79"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93D82946-53FC-456F-AC56-7F29EE7B8CED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp400_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2AC3E1B0-CC2B-4C34-AB6F-C61D2DF8DCA2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D7E344E-50C0-46CB-BB23-DBD9C6D587EC", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A97BEBC-ED88-4FA7-B3E2-00398B454038"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E15BF5CD-F348-4AD5-A86A-4DE4436ECB5D"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70BDFDFF-3B0E-4180-B525-C36D47D49655"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970D3ED3-27A1-4960-B3B6-21733D9E4943"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3BD885C-F063-41C6-837B-50281269611E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp700_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01AADB5B-4072-447D-A9BF-A0108334D727"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0426D469-72EE-4D66-987E-C21BDB9867CB", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "431D187E-A8F3-4586-B7C8-72D98976A59B"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D652CF29-8521-45B3-AA50-55F3D4D83140"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DADE0CDD-474E-48C5-9A17-3B9621B34218"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BDE0B2E-B8D4-4FD1-85B0-DAD4B5AAC160"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02CE0AF1-7EC1-4CEF-BD42-7C4AD2684A71"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp900_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C79F9E9-D9B6-4D6B-9B6F-006E3268EEAC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11713C91-C989-417A-85F3-6744E9F420A4", "versionEndExcluding": "17.0"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "031AEC4F-FCE6-4F79-B372-4D07485E20A7"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "881F137C-1F01-4225-9257-08ED9F53583C"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B9DB1DC-EC61-4B84-8624-863B4E4954AF"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2019CF4C-4555-4357-8B8B-63895206BEE6"}, {"criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B92136E9-C281-43BB-BF65-EC8729C31BB0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp1200_basic:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3F61D1C-1127-4F37-BA30-3F36830FDF20"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}