Denial of Service Vulnerability in PROFINET Stack from Siemens
CVE-2022-25622

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cfu Diq; Simatic Cfu Pa; Simatic Et 200al Im 157-1 Pn; Simatic Et 200mp Im 155-5 Pn Hf
Vendor: CVE Published:; 12 April 2022

Summary

The PROFINET (PNIO) stack integrated with the Interniche IP stack is susceptible to vulnerabilities that arise from improper management of internal resources concerning TCP segments. Specifically, when the minimum TCP header length is defined incorrectly, this flaw can be exploited by attackers who send specially crafted TCP segments. Such manipulation can lead to an interruption of TCP services on the affected devices, resulting in a denial of service condition that can significantly impact operational availability.

Affected Version(s)

SIMATIC CFU DIQ 0

SIMATIC CFU PA 0

SIMATIC ET 200AL IM 157-1 PN All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-44644...

https://cert-portal.siemens.com/productcert/html/ssa-4464...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Feb 21, 2022