Multiple vulnerabilities in Siemens Industrial Products



Published: 2023-04-12
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-43716, CVE-2022-43767, CVE-2022-43768
CWE-ID: CWE-416, CWE-833, CWE-770
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
SIMATIC CP 1242-7 V2
Hardware solutions / Firmware

SIMATIC CP 1243-1
Hardware solutions / Firmware

SIMATIC CP 1243-1 DNP3
Hardware solutions / Firmware

SIMATIC CP 1243-1 IEC
Hardware solutions / Firmware

SIMATIC CP 1243-7 LTE EU
Hardware solutions / Firmware

SIMATIC CP 1243-7 LTE US
Hardware solutions / Firmware

SIMATIC CP 1243-8 IRC
Hardware solutions / Firmware

SIMATIC CP 1542SP-1
Hardware solutions / Firmware

SIMATIC CP 1542SP-1 IRC
Hardware solutions / Firmware

SIMATIC CP 1543SP-1
Hardware solutions / Firmware

SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL
Hardware solutions / Firmware

SIPLUS ET 200SP CP 1543SP-1 ISEC
Hardware solutions / Firmware

SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
Hardware solutions / Firmware

SIPLUS NET CP 1242-7 V2
Hardware solutions / Firmware

SIPLUS S7-1200 CP 1243-1
Hardware solutions / Firmware

SIPLUS S7-1200 CP 1243-1 RAIL
Hardware solutions / Firmware

SIMATIC CP 443-1
Hardware solutions / Firmware

SIPLUS NET CP 443-1
Hardware solutions / Firmware

SIPLUS NET CP 443-1 Advanced
Hardware solutions / Firmware

SIPLUS TIM 1531 IRC
Hardware solutions / Firmware

TIM 1531 IRC
Hardware solutions / Firmware

SIMATIC IPC DiagBase
Server applications / SCADA systems

SIMATIC IPC DiagMonitor
Server applications / SCADA systems

SIMATIC CP 443-1 Advanced
Server applications / SCADA systems

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU75036

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43716

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in the webserver. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SIMATIC CP 1242-7 V2: All versions

SIMATIC CP 1243-1: All versions

SIMATIC CP 1243-1 DNP3: All versions

SIMATIC CP 1243-1 IEC: All versions

SIMATIC CP 1243-7 LTE EU: All versions

SIMATIC CP 1243-7 LTE US: All versions

SIMATIC CP 1243-8 IRC: All versions

SIMATIC CP 1542SP-1: All versions

SIMATIC CP 1542SP-1 IRC: All versions

SIMATIC CP 1543SP-1: All versions

SIMATIC IPC DiagBase: All versions

SIMATIC IPC DiagMonitor: All versions

SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions

SIPLUS NET CP 1242-7 V2: All versions

SIPLUS S7-1200 CP 1243-1: All versions

SIPLUS S7-1200 CP 1243-1 RAIL: All versions

SIMATIC CP 443-1: before 3.3

SIMATIC CP 443-1 Advanced: before 3.3

SIPLUS NET CP 443-1: before 3.3

SIPLUS NET CP 443-1 Advanced: before 3.3

SIPLUS TIM 1531 IRC: before 2.3.6

TIM 1531 IRC: before 2.3.6

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deadlock

EUVDB-ID: #VU75037

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43767

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock issue in the webserver. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SIMATIC CP 1242-7 V2: All versions

SIMATIC CP 1243-1: All versions

SIMATIC CP 1243-1 DNP3: All versions

SIMATIC CP 1243-1 IEC: All versions

SIMATIC CP 1243-7 LTE EU: All versions

SIMATIC CP 1243-7 LTE US: All versions

SIMATIC CP 1243-8 IRC: All versions

SIMATIC CP 1542SP-1: All versions

SIMATIC CP 1542SP-1 IRC: All versions

SIMATIC CP 1543SP-1: All versions

SIMATIC IPC DiagBase: All versions

SIMATIC IPC DiagMonitor: All versions

SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions

SIPLUS NET CP 1242-7 V2: All versions

SIPLUS S7-1200 CP 1243-1: All versions

SIPLUS S7-1200 CP 1243-1 RAIL: All versions

SIMATIC CP 443-1: before 3.3

SIMATIC CP 443-1 Advanced: before 3.3

SIPLUS NET CP 443-1: before 3.3

SIPLUS NET CP 443-1 Advanced: before 3.3

SIPLUS TIM 1531 IRC: before 2.3.6

TIM 1531 IRC: before 2.3.6

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU75038

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43768

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SIMATIC CP 1242-7 V2: All versions

SIMATIC CP 1243-1: All versions

SIMATIC CP 1243-1 DNP3: All versions

SIMATIC CP 1243-1 IEC: All versions

SIMATIC CP 1243-7 LTE EU: All versions

SIMATIC CP 1243-7 LTE US: All versions

SIMATIC CP 1243-8 IRC: All versions

SIMATIC CP 1542SP-1: All versions

SIMATIC CP 1542SP-1 IRC: All versions

SIMATIC CP 1543SP-1: All versions

SIMATIC IPC DiagBase: All versions

SIMATIC IPC DiagMonitor: All versions

SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC: All versions

SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: All versions

SIPLUS NET CP 1242-7 V2: All versions

SIPLUS S7-1200 CP 1243-1: All versions

SIPLUS S7-1200 CP 1243-1 RAIL: All versions

SIMATIC CP 443-1: before 3.3

SIMATIC CP 443-1 Advanced: before 3.3

SIPLUS NET CP 443-1: before 3.3

SIPLUS NET CP 443-1 Advanced: before 3.3

SIPLUS TIM 1531 IRC: before 2.3.6

TIM 1531 IRC: before 2.3.6

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


