cbcvebase.
CVE-2022-25622
published 2022-04-12

CVE-2022-25622: The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Affected

69 ranges· showing 25
VendorProductVersion rangeFixed in
siemenssimatic_cfu_diq< V2.0.0V2.0.0
siemenssimatic_cfu_pa< V2.0.0V2.0.0
siemenssimatic_et_200al_im_157-1_pn
siemenssimatic_et_200mp_im_155-5_pn_hf>= V4.2.0 < **
siemenssimatic_et_200pro_im_154-8_pn_dp_cpu
siemenssimatic_et_200pro_im_154-8f_pn_dp_cpu
siemenssimatic_et_200pro_im_154-8fx_pn_dp_cpu
siemenssimatic_et_200s_im_151-8_pn_dp_cpu
siemenssimatic_et_200s_im_151-8f_pn_dp_cpu
siemenssimatic_et_200sp_im_155-6_mf_hf< **
siemenssimatic_et_200sp_im_155-6_pn_2_hf>= V4.2.0 < **
siemenssimatic_et_200sp_im_155-6_pn_3_hf>= V4.2.0 < **
siemenssimatic_et_200sp_im_155-6_pn_ha
siemenssimatic_et_200sp_im_155-6_pn_hf>= V4.2.0 < **
siemenssimatic_pn_mf_coupler
siemenssimatic_pn_pn_coupler
siemenssimatic_s7-1500_cpu_family
siemenssimatic_s7-1500_cpu_firmware< 2.0.02.0.0
siemenssimatic_s7-300_cpu_314c-2_pn_dp
siemenssimatic_s7-300_cpu_315-2_pn_dp
siemenssimatic_s7-300_cpu_315f-2_pn_dp
siemenssimatic_s7-300_cpu_315t-3_pn_dp
siemenssimatic_s7-300_cpu_317-2_pn_dp
siemenssimatic_s7-300_cpu_317f-2_pn_dp
siemenssimatic_s7-300_cpu_317t-3_pn_dp