Input Validation Flaw in SIMATIC HMI Comfort Panels and KTP Mobile Panels by Siemens
CVE-2022-40227

7.5 HIGH

Summary

A vulnerability in various SIMATIC HMI devices from Siemens stems from input validation weaknesses in specific services accessed via TCP. By sending specially crafted TCP packets, an unauthenticated remote attacker could trigger a permanent denial-of-service condition that requires a reboot of the affected device to recover. Multiple models and versions are affected, and updating them is necessary to maintain operational integrity.

Affected Version(s)

SIMATIC HMI Comfort Panels (incl. SIPLUS variants): All versions < V17 Update 4

SIMATIC HMI KTP Mobile Panels: All versions < V17 Update 4

SIMATIC HMI KTP1200 Basic: All versions < V17 Update 5

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
