CVE-2022-47375 — Buffer Access with Incorrect Length Value in Siemens Simatic Pc-station Plus

CWE-805 — Buffer Access with Incorrect Length Value CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Pc-station Plus Siemens Simatic S7-400 CPU 412-2 PN V7 Siemens Simatic S7-400 CPU 414-3 PN DP V7 +7 more

Timeline

PublishedDec 12

Description

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5siemens/simatic_pc-station_plusAll versions

▶CVEListV5siemens/simatic_s7-400_cpu_414f-3_pn_dp_v7All versions

▶CVEListV5siemens/simatic_s7-400_cpu_416f-3_pn_dp_v7All versions

▶CVEListV5siemens/simatic_s7-400_cpu_412-2_pn_v7All versions

▶CVEListV5siemens/simatic_s7-400_cpu_414-3_pn_dp_v7All versions

🔴Vulnerability Details

CVEList

CVE-2022-47375: A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3↗2023-12-12

▶

GHSA

GHSA-mw8p-jf63-v8fr: A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3↗2023-12-12

▶