CVE-2022-45044

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.

Overview

CVE ID
CVE-2022-45044

Assigner
productcert@siemens.com

Vulnerability Status
Analyzed

Published Version
2022-12-13T16:15:24

Last Modified Date
2022-12-16T16:49:58

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:o:siemens:siprotec_5_6md85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6md85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_6md85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6md85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_6md86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6md86:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_6md86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6md86:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_6md89_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6md89:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_6mu85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6mu85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_6mu85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_6mu85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ke85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ke85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ke85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ke85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sa82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sa82:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sa82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sa82:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sa86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sa86:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sa86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sa86:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sa87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sa87:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sa87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sa87:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sd82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sd82:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sd82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sd82:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sd86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sd86:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sd86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sd86:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sd87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sd87:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sd87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sd87:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj81_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj81:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj81_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj81:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj82:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj82:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj86:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sj86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sj86:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sk82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sk82:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sk82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sk82:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sk85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sk85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sk85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sk85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sl82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sl82:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sl82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sl82:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sl86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sl86:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sl86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sl86:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sl87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sl87:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sl87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sl87:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ss85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ss85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ss85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ss85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7st85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7st85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7st85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7st85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7sx85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7sx85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7um85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7um85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut82:cp100:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut82_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut82:cp150:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut85:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut86:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut86_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut86:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut87:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ut87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ut87:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7ve85_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7ve85:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7vk87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7vk87:cp200:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_7vk87_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_7vk87:cp300:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_communication_module_ethba2el_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_communication_module_ethba2el:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_communication_module_ethbb2fo_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_communication_module_ethbb2fo:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_communication_module_ethbd2fo_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_communication_module_ethbd2fo:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:siprotec_5_compact_7sx800_firmware:-:::::::*	1	OR
cpe:2.3:h:siemens:siprotec_5_compact_7sx800:cp050:::::::*	0	OR

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45044
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45044

History

Created	Old Value	New Value	Data Type	Notes
2022-12-13 16:18:30				Added to TrackCVE
2022-12-13 17:21:59	2022-12-13T16:15:24.617	2022-12-13T16:15:24	CVE Published Date	updated
2022-12-13 17:21:59		2022-12-13T16:52:05	CVE Modified Date	updated
2022-12-13 17:21:59	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-15 16:18:07	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-18 04:35:13		2022-12-16T16:49:58	CVE Modified Date	updated
2022-12-18 04:35:13	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-18 04:35:16		CWE-400	Weakness Enumeration	new
2022-12-18 04:35:26			CPE Information	updated