Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-25622

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Published

2022-04-12T09:15:14.483

Last Modified

2024-11-21T06:52:27.700

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-400
  • Type: Primary
    CWE-400
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System siemens simatic_cfu_diq_firmware * Yes
Hardware siemens simatic_cfu_diq - No
Operating System siemens simatic_cfu_pa_firmware * Yes
Hardware siemens simatic_cfu_pa - No
Operating System siemens simatic_s7-300_cpu_firmware * Yes
Hardware siemens simatic_s7-300_cpu - No
Operating System siemens simatic_s7-400h_v6_firmware * Yes
Hardware siemens simatic_s7-400h_v6 - No
Operating System siemens simatic_s7-400_pn\/dp_v7_firmware * Yes
Hardware siemens simatic_s7-400_pn\/dp_v7 - No
Operating System siemens simatic_s7-410_v8_firmware * Yes
Hardware siemens simatic_s7-410_v8 - No
Operating System siemens simatic_s7-410_v10_firmware * Yes
Hardware siemens simatic_s7-410_v10 - No
Operating System siemens simatic_s7-1500_cpu_firmware < 2.0.0 Yes
Hardware siemens simatic_s7-1500_cpu - No
Operating System siemens simatic_tdc_cp51m1_firmware * Yes
Hardware siemens simatic_tdc_cp51m1 - No
Operating System siemens simatic_tdc_cpu555_firmware * Yes
Hardware siemens simatic_tdc_cpu555 - No
Operating System siemens simatic_winac_rtx_firmware * Yes
Hardware siemens simatic_winac_rtx - No
Application siemens simit_simulation_platform * Yes
References