CVE-2022-47374

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:6es7412-2ek07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7412-2ek07-0ab0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:6es7414-3em07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7414-3em07-0ab0:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:6es7414-3fm07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7414-3fm07-0ab0:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:6es7416-3es07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7416-3es07-0ab0:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:6es7416-3fs07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7416-3fs07-0ab0:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:6ag1414-3em07-7ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1414-3em07-7ab0:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:6ag1416-3es07-7ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1416-3es07-7ab0:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_s120_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.9:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix13:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:-:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix11:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix7:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix13:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix6:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix9:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simatic_pc-station_plus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_pc-station_plus:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:31

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf - Vendor Advisory

18 Dec 2023, 14:52

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf - () https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf - Vendor Advisory
CPE cpe:2.3:o:siemens:6es7414-3fm07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:6es7412-2ek07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:-:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix13:*:*:*:*:*:*
cpe:2.3:o:siemens:6es7414-3em07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_pc-station_plus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7416-3fs07-0ab0:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7414-3em07-0ab0:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix6:*:*:*:*:*:*
cpe:2.3:o:siemens:6es7416-3es07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1414-3em07-7ab0:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix7:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7412-2ek07-0ab0:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7414-3fm07-0ab0:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.9:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix11:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix13:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_pc-station_plus:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1416-3es07-7ab0:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7416-3es07-0ab0:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:6ag1414-3em07-7ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix9:*:*:*:*:*:*
cpe:2.3:o:siemens:6es7416-3fs07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:6ag1416-3es07-7ab0_firmware:*:*:*:*:*:*:*:*

12 Dec 2023, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-12 12:15

Updated : 2024-11-21 07:31


NVD link : CVE-2022-47374

Mitre link : CVE-2022-47374

CVE.ORG link : CVE-2022-47374


JSON object : View

Products Affected

siemens

  • 6es7412-2ek07-0ab0
  • sinamics_s120
  • simatic_pc-station_plus
  • 6es7414-3em07-0ab0
  • 6es7416-3es07-0ab0_firmware
  • 6es7414-3em07-0ab0_firmware
  • 6ag1416-3es07-7ab0_firmware
  • 6es7416-3es07-0ab0
  • 6ag1416-3es07-7ab0
  • 6ag1414-3em07-7ab0_firmware
  • 6es7416-3fs07-0ab0
  • 6es7414-3fm07-0ab0
  • 6ag1414-3em07-7ab0
  • sinamics_s120_firmware
  • simatic_pc-station_plus_firmware
  • 6es7412-2ek07-0ab0_firmware
  • 6es7414-3fm07-0ab0_firmware
  • 6es7416-3fs07-0ab0_firmware
CWE
CWE-674

Uncontrolled Recursion