CVE-2022-25622 Information

Description

A vulnerability has been identified in SIMATIC CFU DIQ (All versions) SIMATIC CFU PA (All versions) SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0) SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions) SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10) SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions) SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions) SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions) SIMATIC TDC CP51M1 (All versions) SIMATIC TDC CPU555 (All versions) SIMATIC WinAC RTX (All versions) SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack when integrated with the Interniche IP stack improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5