We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-43768



Description

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Reserved 2022-10-26 | Published 2023-04-11 | Updated 2025-02-07 | Assigner siemens


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V2.3
affected

Default status
unknown

Any version before V2.3
affected

Default status
unknown

Any version before V2.3
affected

Default status
unknown

Any version before V3.3
affected

Default status
unknown

Any version before V3.3
affected

Default status
unknown

Any version before V3.3
affected

Default status
unknown

Any version before V2.3
affected

Default status
unknown

Any version before V2.3
affected

Default status
unknown

Any version before V2.3
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.3
affected

Default status
unknown

Any version before V3.3
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V3.4.29
affected

Default status
unknown

Any version before V2.3.6
affected

Default status
unknown

Any version before V2.3.6
affected

References

cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf

cert-portal.siemens.com/productcert/html/ssa-139628.html

cert-portal.siemens.com/productcert/html/ssa-566905.html

cve.org (CVE-2022-43768)

nvd.nist.gov (CVE-2022-43768)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-43768

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.