CVE-2022-40227

CVSS V2 None CVSS V3 High 7.5
Description
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.
Overview
  • CVE ID
  • CVE-2022-40227
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-10-11T11:15:10
  • Last Modified Date
  • 2022-10-14T17:07:23
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_hmi_ktp400_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_hmi_ktp700_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_hmi_ktp900_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_hmi_ktp1200_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:siplus_hmi_ktp400_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:siplus_hmi_ktp700_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:siplus_hmi_ktp900_basic:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:* 1 OR 17.0
cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:siplus_hmi_ktp1200_basic:-:*:*:*:*:*:*:* 0 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
History
Created Old Value New Value Data Type Notes
2022-10-11 12:00:09 Added to TrackCVE
2022-12-07 06:03:59 2022-10-11T11:15Z 2022-10-11T11:15:10 CVE Published Date updated
2022-12-07 06:03:59 2022-10-14T17:07:23 CVE Modified Date updated
2022-12-07 06:03:59 Analyzed Vulnerability Status updated