Denial-of-Service vulnerability in Siemens SIMATIC and TIA Portal
CVE-2022-27194

7.5HIGH

Key Information:

Vendor
Siemens
Vendor
CVE Published:
12 April 2022

Summary

A vulnerability exists in Siemens SIMATIC PCS neo (Administration Console) and TIA Portal that allows a remote attacker to exploit specially crafted packets sent to port 8888/tcp. This flaw can result in a Denial-of-Service condition, necessitating manual restart of affected devices. Systems running versions of SIMATIC PCS neo prior to V3.1 SP1, SINETPLAN, and select TIA Portal versions are at risk. Proper measures should be taken to secure these systems against potential remote attacks.

Affected Version(s)

SIMATIC PCS neo (Administration Console) All versions < V3.1 SP1

SINETPLAN All versions

TIA Portal V15, V15.1, V16 and V17

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.