Denial-of-Service vulnerability in Siemens SIMATIC and TIA Portal
CVE-2022-27194
7.5HIGH
Key Information:
- Vendor
- Siemens
- Vendor
- CVE Published:
- 12 April 2022
Summary
A vulnerability exists in Siemens SIMATIC PCS neo (Administration Console) and TIA Portal that allows a remote attacker to exploit specially crafted packets sent to port 8888/tcp. This flaw can result in a Denial-of-Service condition, necessitating manual restart of affected devices. Systems running versions of SIMATIC PCS neo prior to V3.1 SP1, SINETPLAN, and select TIA Portal versions are at risk. Proper measures should be taken to secure these systems against potential remote attacks.
Affected Version(s)
SIMATIC PCS neo (Administration Console) All versions < V3.1 SP1
SINETPLAN All versions
TIA Portal V15, V15.1, V16 and V17
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved