CVE-2022-25622

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 69.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic CFU DIQ Siemens Simatic CFU PA Siemens Simatic ET 200mp IM 155-5 PN HF +66 more

Timeline

PublishedApr 12

Latest updateApr 13

Description

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages69 packages

▶CVEListV5siemens/sinamics_dcm< V1.5 SP1

▶CVEListV5siemens/sinamics_v90< V1.04.04

▶CVEListV5siemens/sinamics_g130< V5.2.3.13

▶CVEListV5siemens/sinamics_g150< V5.2.3.13

▶CVEListV5siemens/sinamics_s110< *

🔴Vulnerability Details

GHSA

GHSA-pgxc-2q22-7c2f: A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl↗2022-04-13

▶

CVEList

CVE-2022-25622: The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-↗2022-04-12

▶