Multiple vulnerabilities in Siemens Industrial Products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-43716 CVE-2022-43767 CVE-2022-43768 |
| CWE-ID | CWE-416 CWE-833 CWE-770 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SIMATIC CP 1242-7 V2 Hardware solutions / Firmware SIMATIC CP 1243-1 Hardware solutions / Firmware SIMATIC CP 1243-1 DNP3 Hardware solutions / Firmware SIMATIC CP 1243-1 IEC Hardware solutions / Firmware SIMATIC CP 1243-7 LTE EU Hardware solutions / Firmware SIMATIC CP 1243-7 LTE US Hardware solutions / Firmware SIMATIC CP 1243-8 IRC Hardware solutions / Firmware SIMATIC CP 1542SP-1 Hardware solutions / Firmware SIMATIC CP 1542SP-1 IRC Hardware solutions / Firmware SIMATIC CP 1543SP-1 Hardware solutions / Firmware SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL Hardware solutions / Firmware SIPLUS ET 200SP CP 1543SP-1 ISEC Hardware solutions / Firmware SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL Hardware solutions / Firmware SIPLUS NET CP 1242-7 V2 Hardware solutions / Firmware SIPLUS S7-1200 CP 1243-1 Hardware solutions / Firmware SIPLUS S7-1200 CP 1243-1 RAIL Hardware solutions / Firmware SIMATIC CP 443-1 Hardware solutions / Firmware SIPLUS NET CP 443-1 Hardware solutions / Firmware SIPLUS NET CP 443-1 Advanced Hardware solutions / Firmware SIPLUS TIM 1531 IRC Hardware solutions / Firmware TIM 1531 IRC Hardware solutions / Firmware SIMATIC IPC DiagBase Server applications / SCADA systems SIMATIC IPC DiagMonitor Server applications / SCADA systems SIMATIC CP 443-1 Advanced Server applications / SCADA systems |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU75036
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-43716
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the webserver. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC CP 1242-7 V2: All versions
SIMATIC CP 1243-1: All versions
SIMATIC CP 1243-1 DNP3: All versions
SIMATIC CP 1243-1 IEC: All versions
SIMATIC CP 1243-7 LTE EU: All versions
SIMATIC CP 1243-7 LTE US: All versions
SIMATIC CP 1243-8 IRC: All versions
SIMATIC CP 1542SP-1: All versions
SIMATIC CP 1542SP-1 IRC: All versions
SIMATIC CP 1543SP-1: All versions
SIMATIC IPC DiagBase: All versions
SIMATIC IPC DiagMonitor: All versions
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions
SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions
SIPLUS NET CP 1242-7 V2: All versions
SIPLUS S7-1200 CP 1243-1: All versions
SIPLUS S7-1200 CP 1243-1 RAIL: All versions
SIMATIC CP 443-1: before 3.3
SIMATIC CP 443-1 Advanced: before 3.3
SIPLUS NET CP 443-1: before 3.3
SIPLUS NET CP 443-1 Advanced: before 3.3
SIPLUS TIM 1531 IRC: before 2.3.6
TIM 1531 IRC: before 2.3.6
CPE2.3- cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-8_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:tim_1531_irc:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Deadlock
EUVDB-ID: #VU75037
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-43767
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock issue in webserver. A remote attacker can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC CP 1242-7 V2: All versions
SIMATIC CP 1243-1: All versions
SIMATIC CP 1243-1 DNP3: All versions
SIMATIC CP 1243-1 IEC: All versions
SIMATIC CP 1243-7 LTE EU: All versions
SIMATIC CP 1243-7 LTE US: All versions
SIMATIC CP 1243-8 IRC: All versions
SIMATIC CP 1542SP-1: All versions
SIMATIC CP 1542SP-1 IRC: All versions
SIMATIC CP 1543SP-1: All versions
SIMATIC IPC DiagBase: All versions
SIMATIC IPC DiagMonitor: All versions
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions
SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions
SIPLUS NET CP 1242-7 V2: All versions
SIPLUS S7-1200 CP 1243-1: All versions
SIPLUS S7-1200 CP 1243-1 RAIL: All versions
SIMATIC CP 443-1: before 3.3
SIMATIC CP 443-1 Advanced: before 3.3
SIPLUS NET CP 443-1: before 3.3
SIPLUS NET CP 443-1 Advanced: before 3.3
SIPLUS TIM 1531 IRC: before 2.3.6
TIM 1531 IRC: before 2.3.6
CPE2.3- cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-8_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:tim_1531_irc:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU75038
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-43768
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC CP 1242-7 V2: All versions
SIMATIC CP 1243-1: All versions
SIMATIC CP 1243-1 DNP3: All versions
SIMATIC CP 1243-1 IEC: All versions
SIMATIC CP 1243-7 LTE EU: All versions
SIMATIC CP 1243-7 LTE US: All versions
SIMATIC CP 1243-8 IRC: All versions
SIMATIC CP 1542SP-1: All versions
SIMATIC CP 1542SP-1 IRC: All versions
SIMATIC CP 1543SP-1: All versions
SIMATIC IPC DiagBase: All versions
SIMATIC IPC DiagMonitor: All versions
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions
SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions
SIPLUS NET CP 1242-7 V2: All versions
SIPLUS S7-1200 CP 1243-1: All versions
SIPLUS S7-1200 CP 1243-1 RAIL: All versions
SIMATIC CP 443-1: before 3.3
SIMATIC CP 443-1 Advanced: before 3.3
SIPLUS NET CP 443-1: before 3.3
SIPLUS NET CP 443-1 Advanced: before 3.3
SIPLUS TIM 1531 IRC: before 2.3.6
TIM 1531 IRC: before 2.3.6
CPE2.3- cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1243-8_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:tim_1531_irc:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
