A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.
This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf | Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
21 Nov 2024, 07:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf - Vendor Advisory |
18 Dec 2023, 14:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf - Vendor Advisory | |
CPE | cpe:2.3:o:siemens:6es7414-3fm07-0ab0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:6es7412-2ek07-0ab0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:4.8:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:-:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix13:*:*:*:*:*:* cpe:2.3:o:siemens:6es7414-3em07-0ab0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_pc-station_plus_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7416-3fs07-0ab0:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix1:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.0:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7414-3em07-0ab0:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix6:*:*:*:*:*:* cpe:2.3:o:siemens:6es7416-3es07-0ab0_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:6ag1414-3em07-7ab0:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix1:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix1:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix7:*:*:*:*:*:* cpe:2.3:h:siemens:6es7412-2ek07-0ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7414-3fm07-0ab0:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:4.9:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix11:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix13:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_pc-station_plus:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6ag1416-3es07-7ab0:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:6es7416-3es07-0ab0:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:6ag1414-3em07-7ab0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix9:*:*:*:*:*:* cpe:2.3:o:siemens:6es7416-3fs07-0ab0_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:6ag1416-3es07-7ab0_firmware:*:*:*:*:*:*:*:* |
12 Dec 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 12:15
Updated : 2024-11-21 07:31
NVD link : CVE-2022-47374
Mitre link : CVE-2022-47374
CVE.ORG link : CVE-2022-47374
JSON object : View
Products Affected
siemens
- 6es7412-2ek07-0ab0
- sinamics_s120
- simatic_pc-station_plus
- 6es7414-3em07-0ab0
- 6es7416-3es07-0ab0_firmware
- 6es7414-3em07-0ab0_firmware
- 6ag1416-3es07-7ab0_firmware
- 6es7416-3es07-0ab0
- 6ag1416-3es07-7ab0
- 6ag1414-3em07-7ab0_firmware
- 6es7416-3fs07-0ab0
- 6es7414-3fm07-0ab0
- 6ag1414-3em07-7ab0
- sinamics_s120_firmware
- simatic_pc-station_plus_firmware
- 6es7412-2ek07-0ab0_firmware
- 6es7414-3fm07-0ab0_firmware
- 6es7416-3fs07-0ab0_firmware
CWE
CWE-674
Uncontrolled Recursion