Denial of service vulnerability in Siemens CP-8000 and CP-8021 Master Modules
CVE-2022-29884

7.5HIGH

Key Information:

Vendor: Siemens
Status: Cp-8000 Master Module With I/o -25/+70°c; Cp-8000 Master Module With I/o -40/+70°c; Cp-8021 Master Module; Cp-8022 Master Module With Gprs
Vendor: CVE Published:; 12 July 2022

Summary

A vulnerability has been discovered in various Siemens CP-8000 and CP-8021 Master Modules, where improper resource handling under certain HTTPS server conditions allows an unauthenticated remote attacker to trigger a denial of service. This affects all versions prior to CPC80 V16.30, potentially leading to device malfunctions and service interruptions.

Affected Version(s)

CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions < CPC80 V16.30

CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions < CPC80 V16.30

CP-8021 MASTER MODULE All versions < CPC80 V16.30

References

https://cert-portal.siemens.com/productcert/pdf/ssa-49162...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Apr 28, 2022