CVE-2022-25622

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Cfu Diq; Simatic Cfu Pa; Simatic Et 200al Im 157-1 Pn; Simatic Et 200mp Im 155-5 Pn Hf
Vendor: CVE Published:; 12 April 2022

Summary

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.

This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Affected Version(s)

SIMATIC CFU DIQ 0

SIMATIC CFU PA 0

SIMATIC ET 200AL IM 157-1 PN All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-44644...

https://cert-portal.siemens.com/productcert/html/ssa-4464...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Feb 21, 2022