#VU68121 Input validation error in Siemens products - CVE-2022-40227
Published: October 11, 2022
Vulnerability identifier: #VU68121
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-40227
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC HMI Comfort Panels
SIMATIC HMI KTP400 Basic
SIMATIC HMI KTP700 Basic
SIMATIC HMI KTP900
SIMATIC HMI KTP1200
SIMATIC HMI KTP Mobile Panels
SIPLUS HMI KTP400 BASIC
SIPLUS HMI KTP700 BASIC
SIPLUS HMI KTP900 BASIC
SIPLUS HMI KTP1200 BASIC
Software vendor:
Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted TCP packet to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.