CVE-2022-25622

MEDIUM

Published 2022-04-12T00:00:00.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-25622. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

5.3

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.467

Higher than 46.7% of all CVEs

Attack Vector Metrics

Attack Vector

Not Available

Attack Complexity

Not Available

Privileges Required

Not Available

User Interaction

Not Available

Scope

Not Available

Impact Metrics

Confidentiality

Not Available

Integrity

Not Available

Availability

Not Available

Description

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.

This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Siemens

SIMATIC ET 200MP IM 155-5 PN HF

Affected Versions:

V4.2.0

Siemens

SIMATIC ET 200pro IM 154-8 PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC ET 200pro IM 154-8F PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC ET 200pro IM 154-8FX PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC ET 200S IM 151-8 PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC ET 200S IM 151-8F PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC ET 200SP IM 155-6 MF HF

Affected Versions:

Siemens

SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)

Affected Versions:

All versions

Siemens

SIMATIC ET 200SP IM 155-6 PN HF

Affected Versions:

V4.2.0

Siemens

SIMATIC ET 200SP IM 155-6 PN/2 HF

Affected Versions:

V4.2.0

Siemens

SIMATIC ET 200SP IM 155-6 PN/3 HF

Affected Versions:

V4.2.0

Siemens

SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, DI 16x24VDC, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, DI 8x24VDC, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L

Affected Versions:

V5.1.1

Siemens

SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)

Affected Versions:

All versions < V2.0.0

Siemens

SIMATIC S7-300 CPU 314C-2 PN/DP

Affected Versions:

All versions < V3.3.19

Siemens

SIMATIC S7-300 CPU 315-2 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 315F-2 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 315T-3 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 317-2 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 317F-2 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 317T-3 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 317TF-3 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 319-3 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-300 CPU 319F-3 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIMATIC S7-400 CPU 412-2 PN V7

Affected Versions:

Siemens

SIMATIC S7-400 CPU 414-3 PN/DP V7

Affected Versions:

Siemens

SIMATIC S7-400 CPU 414F-3 PN/DP V7

Affected Versions:

Siemens

SIMATIC S7-400 CPU 416-3 PN/DP V7

Affected Versions:

Siemens

SIMATIC S7-400 CPU 416F-3 PN/DP V7

Affected Versions:

Siemens

SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)

Affected Versions:

Siemens

SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)

Affected Versions:

All versions < V10.1.1

Siemens

SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)

Affected Versions:

Siemens

SINAMICS G120 (incl. SIPLUS variants)

Affected Versions:

Siemens

SINAMICS S120 (incl. SIPLUS variants)

Affected Versions:

Siemens

SIPLUS ET 200MP IM 155-5 PN HF

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200MP IM 155-5 PN HF

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200S IM 151-8 PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIPLUS ET 200S IM 151-8F PN/DP CPU

Affected Versions:

All versions < V3.2.19

Siemens

SIPLUS ET 200SP IM 155-6 PN HF

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200SP IM 155-6 PN HF

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200SP IM 155-6 PN HF

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200SP IM 155-6 PN HF

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL

Affected Versions:

V4.2.0

Siemens

SIPLUS ET 200SP IM 155-6 PN HF TX RAIL

Affected Versions:

V4.2.0

Siemens

SIPLUS S7-300 CPU 314C-2 PN/DP

Affected Versions:

All versions < V3.3.19

Siemens

SIPLUS S7-300 CPU 315F-2 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIPLUS S7-300 CPU 317F-2 PN/DP

Affected Versions:

All versions < V3.2.19

Siemens

SIPLUS S7-400 CPU 414-3 PN/DP V7

Affected Versions:

Siemens

SIPLUS S7-400 CPU 416-3 PN/DP V7

Affected Versions:

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-pgxc-2q22-7c2f

Advisory Details

A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-25622

WEB https://cert-portal.siemens.com/productcert/html/ssa-446448.html

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf

Advisory provided by GitHub Security Advisory Database. Published: April 13, 2022, Modified: May 14, 2024

References

https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf

https://cert-portal.siemens.com/productcert/html/ssa-446448.html

Published: 2022-04-12T00:00:00.000Z

Last Modified: 2025-04-21T13:54:36.799Z

Copied to clipboard!