Buffer Overflow Vulnerability in SIMATIC and SINAMICS Products by Siemens
CVE-2022-47375

7.5 HIGH

Summary

A buffer overflow vulnerability exists in various Siemens SIMATIC PC-Station Plus and S7-400 CPU products, as well as SINAMICS S120 devices. The affected devices do not properly handle long file names. An attacker who exploits this flaw could cause a denial of service condition, affecting device availability and operational continuity. Users are encouraged to assess their systems and apply appropriate security measures to mitigate potential risks.

Affected Version(s)

SIMATIC PC-Station Plus: All versions

SIMATIC S7-400 CPU 412-2 PN V7: All versions

SIMATIC S7-400 CPU 414-3 PN/DP V7: All versions

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
