Denial of Service Vulnerability in Siemens SIMATIC CP and SIPLUS Products
CVE-2022-43768

7.5HIGH

Key Information:

Vendor
Siemens
Status
Simatic Cp 1242-7 V2
Simatic Cp 1243-1
Simatic Cp 1243-1 Dnp3 (incl. Siplus Variants)
Simatic Cp 1243-1 Iec (incl. Siplus Variants)
Vendor
CVE Published:
11 April 2023

Summary

A vulnerability exists in the webserver of Siemens SIMATIC CP and SIPLUS products that may expose these systems to a denial of service condition. By exploiting this vulnerability, an attacker can disrupt the availability of the webserver, potentially halting operations dependent on the affected devices. Affected devices include multiple variants of the SIMATIC CP series, including CP 1242-7, CP 1243-1, and others, across various versions prior to specified patches. Users are recommended to apply security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

SIMATIC CP 1242-7 V2 0

SIMATIC CP 1243-1 0

SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-56690...
https://cert-portal.siemens.com/productcert/html/ssa-1396...
https://cert-portal.siemens.com/productcert/html/ssa-5669...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.