CVE-2022-34820
Published 2022-07-12
Priority P263 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.65% (73.6th percentile)
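A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.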
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_cp_1242-7_v2 | — | — |
| siemens | simatic_cp_1242-7_v2_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-1 | — | — |
| siemens | simatic_cp_1243-1_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-7_lte_eu | — | — |
| siemens | simatic_cp_1243-7_lte_eu_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-7_lte_us | — | — |
| siemens | simatic_cp_1243-7_lte_us_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-8_irc | — | — |
| siemens | simatic_cp_1243-8_irc_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1542sp-1_irc | — | — |
| siemens | simatic_cp_1542sp-1_irc_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | simatic_cp_1543-1 | — | — |
| siemens | simatic_cp_1543-1_firmware | < 3.0.22 | 3.0.22 |
| siemens | simatic_cp_1543sp-1 | — | — |
| siemens | simatic_cp_1543sp-1_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | — | — |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | — | — |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | — | — |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_net_cp_1242-7_v2 | — | — |
| siemens | siplus_net_cp_1242-7_v2_firmware | < 3.3.46 | 3.3.46 |
| siemens | siplus_net_cp_1543-1 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-34820 is exploited during the SRCS VPN authentication process — monitor for anomalous or malformed authentication messages to SIMATIC CP devices over the SINEMA Remote Connect Server (SRCS) VPN channel.
- The attack vector is adjacent network (AV:A) with high-privilege requirement (PR:H), meaning exploitation requires an attacker with elevated credentials on an adjacent network segment — focus detection on privileged sessions to CP devices over the SRCS VPN feature.
- Detect or block traffic to/from SINEMA Remote Connect Server (SRCS) VPN feature on affected SIMATIC CP devices; disabling the SRCS VPN feature eliminates the attack surface for this CVE.
- No known public exploits exist for this vulnerability at time of advisory publication.
- Exploitation requires the SINEMA Remote Connect Server (SRCS) VPN feature to be in use; devices not using this feature are not exposed to this specific attack path.
- Several affected product families (SIMATIC CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP variants) have no fixed version available — all versions v2.0 and later remain vulnerable; mitigations are the only recourse for these models.
CVSS provenance
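| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |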
GHSA
GHSA-6j7x-87cm-p532 · CVE-2022-34820 [CRITICAL] CWE-116
ghsa_unreviewed · 2022-07-13
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). The application does not correctly escape some user provided fields during the authentication process. This could allow a
CISA ICS
Siemens SRCS VPN Feature in SIMATIC CP Devices (Update A)
cisa_ics · 2022-07-14
Last Revised: August 11, 2022
Alert Code: ICSA-22-195-12
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC CP Devices
- Vuln
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.