cbcvebase.
CVE-2022-34820
published 2022-07-12

Priority: P263 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.65% (73.6th percentile)
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.

Affected

30 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_cp_1242-7_v2 | | |
| siemens | simatic_cp_1242-7_v2_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-1 | | |
| siemens | simatic_cp_1243-1_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-7_lte_eu | | |
| siemens | simatic_cp_1243-7_lte_eu_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-7_lte_us | | |
| siemens | simatic_cp_1243-7_lte_us_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1243-8_irc | | |
| siemens | simatic_cp_1243-8_irc_firmware | < 3.3.46 | 3.3.46 |
| siemens | simatic_cp_1542sp-1_irc | | |
| siemens | simatic_cp_1542sp-1_irc_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | simatic_cp_1543-1 | | |
| siemens | simatic_cp_1543-1_firmware | < 3.0.22 | 3.0.22 |
| siemens | simatic_cp_1543sp-1 | | |
| siemens | simatic_cp_1543sp-1_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail | | |
| siemens | siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec | | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail | | |
| siemens | siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware | >= 2.0 < 2.2.28 | 2.2.28 |
| siemens | siplus_net_cp_1242-7_v2 | | |
| siemens | siplus_net_cp_1242-7_v2_firmware | < 3.3.46 | 3.3.46 |
| siemens | siplus_net_cp_1543-1 | | |

Detection & IOCs (extracted from sources)

Port: 5243/UDP
  • CVE-2022-34820 is exploited during the SRCS VPN authentication process — monitor for anomalous or malformed authentication messages to SIMATIC CP devices over the SINEMA Remote Connect Server (SRCS) VPN channel.
  • The attack vector is adjacent network (AV:A) with high-privilege requirement (PR:H), meaning exploitation requires an attacker with elevated credentials on an adjacent network segment — focus detection on privileged sessions to CP devices over the SRCS VPN feature.
  • Detect or block traffic to/from SINEMA Remote Connect Server (SRCS) VPN feature on affected SIMATIC CP devices; disabling the SRCS VPN feature eliminates the attack surface for this CVE.
  • No known public exploits exist for this vulnerability at time of advisory publication.
  • Exploitation requires the SINEMA Remote Connect Server (SRCS) VPN feature to be in use; devices not using this feature are not exposed to this specific attack path.
  • Several affected product families (SIMATIC CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP variants) have no fixed version available — all versions v2.0 and later remain vulnerable; mitigations are the only recourse for these models.

CVSS provenance

nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C