Heap-based Buffer Overflow in Siemens SIMATIC Processors
CVE-2022-34819
10 CRITICAL
Key Information:
- Vendor: Siemens
- CVE Published: 12 July 2022
Summary
A significant heap-based buffer overflow vulnerability has been detected in multiple models of Siemens SIMATIC processors. The issue arises from improper validation of user-supplied data during the parsing of specific messages. An attacker exploiting this flaw could potentially execute arbitrary code within the context of the device, compromising its integrity. It is essential to patch affected versions to mitigate the risk of unauthorized access and control.
Affected Version(s)
SIMATIC CP 1242-7 V2 All versions < V3.3.46
SIMATIC CP 1243-1 All versions < V3.3.46
SIMATIC CP 1243-7 LTE EU All versions < V3.3.46
CVSS V3.1
- Score: 10
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved