#VU75038 Allocation of Resources Without Limits or Throttling in Siemens products - CVE-2022-43768

Cybersecurity Help s.r.o.

Published: 2023-04-12

Vulnerability identifier: #VU75038

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43768

CWE-ID: CWE-770

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SIMATIC CP 1242-7 V2
Hardware solutions / Firmware
SIMATIC CP 1243-1
Hardware solutions / Firmware
SIMATIC CP 1243-1 DNP3
Hardware solutions / Firmware
SIMATIC CP 1243-1 IEC
Hardware solutions / Firmware
SIMATIC CP 1243-7 LTE EU
Hardware solutions / Firmware
SIMATIC CP 1243-7 LTE US
Hardware solutions / Firmware
SIMATIC CP 1243-8 IRC
Hardware solutions / Firmware
SIMATIC CP 1542SP-1
Hardware solutions / Firmware
SIMATIC CP 1542SP-1 IRC
Hardware solutions / Firmware
SIMATIC CP 1543SP-1
Hardware solutions / Firmware
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL
Hardware solutions / Firmware
SIPLUS ET 200SP CP 1543SP-1 ISEC
Hardware solutions / Firmware
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
Hardware solutions / Firmware
SIPLUS NET CP 1242-7 V2
Hardware solutions / Firmware
SIPLUS S7-1200 CP 1243-1
Hardware solutions / Firmware
SIPLUS S7-1200 CP 1243-1 RAIL
Hardware solutions / Firmware
SIMATIC CP 443-1
Hardware solutions / Firmware
SIPLUS NET CP 443-1
Hardware solutions / Firmware
SIPLUS NET CP 443-1 Advanced
Hardware solutions / Firmware
SIPLUS TIM 1531 IRC
Hardware solutions / Firmware
TIM 1531 IRC
Hardware solutions / Firmware
SIMATIC IPC DiagBase
Server applications / SCADA systems
SIMATIC IPC DiagMonitor
Server applications / SCADA systems
SIMATIC CP 443-1 Advanced
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SIMATIC CP 1242-7 V2: All versions

SIMATIC CP 1243-1: All versions

SIMATIC CP 1243-1 DNP3: All versions

SIMATIC CP 1243-1 IEC: All versions

SIMATIC CP 1243-7 LTE EU: All versions

SIMATIC CP 1243-7 LTE US: All versions

SIMATIC CP 1243-8 IRC: All versions

SIMATIC CP 1542SP-1: All versions

SIMATIC CP 1542SP-1 IRC: All versions

SIMATIC CP 1543SP-1: All versions

SIMATIC IPC DiagBase: All versions

SIMATIC IPC DiagMonitor: All versions

SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions

SIPLUS NET CP 1242-7 V2: All versions

SIPLUS S7-1200 CP 1243-1: All versions

SIPLUS S7-1200 CP 1243-1 RAIL: All versions

SIMATIC CP 443-1: before 3.3

SIMATIC CP 443-1 Advanced: before 3.3

SIPLUS NET CP 443-1: before 3.3

SIPLUS NET CP 443-1 Advanced: before 3.3

SIPLUS TIM 1531 IRC: before 2.3.6

TIM 1531 IRC: before 2.3.6

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens Industrial Products