TCP Packet Handling Issue in SCALANCE W1788 Series by Siemens
CVE-2022-28329

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance W1788-1 M12; Scalance W1788-2 Eec M12; Scalance W1788-2 M12; Scalance W1788-2ia M12
Vendor: CVE Published:; 12 April 2022

Summary

A vulnerability exists in multiple models of the SCALANCE W1788 series by Siemens, where the devices fail to properly process malformed TCP packets that are sent via the RemoteCapture feature. This weakness can be exploited by an attacker to trigger a denial of service condition, affecting the specific port utilized by this feature and potentially leading to disruptions in network operations.

Affected Version(s)

SCALANCE W1788-1 M12 All versions < V3.0.0

SCALANCE W1788-2 EEC M12 All versions < V3.0.0

SCALANCE W1788-2 M12 All versions < V3.0.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-39291...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Apr 1, 2022