We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2022-45044

Reserved:2022-11-07
Published:2022-12-13
Updated:2024-05-15

Description

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.



MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:T/RC:C

Problem types

CWE-400: Uncontrolled Resource Consumption

Product status

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V9.64
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.64
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V8.89
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V8.89
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V8.89
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.64
affected

Default status
unknown

All versions < V9.64
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

Any version before *
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V9.50
affected

Default status
unknown

All versions < V8.89 installed on CP100 devices
affected

Default status
unknown

All versions < V9.50 installed on CP150 and CP300 devices
affected

Default status
unknown

All versions installed on CP200 devices
affected

Default status
unknown

All versions < V8.89 installed on CP100 devices
affected

Default status
unknown

All versions < V9.50 installed on CP150 and CP300 devices
affected

Default status
unknown

All versions installed on CP200 devices
affected

Default status
unknown

Any version before V9.50
affected

Default status
unknown

All versions < V9.50
affected

References

https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf

https://cert-portal.siemens.com/productcert/html/ssa-552874.html

cve.org CVE-2022-45044

nvd.nist.gov CVE-2022-45044

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-45044