Vulnerability Description
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Cfu Diq Firmware | All versions |
| Siemens | Simatic Cfu Diq | - |
| Siemens | Simatic Cfu Pa Firmware | All versions |
| Siemens | Simatic Cfu Pa | - |
| Siemens | Simatic S7-300 Cpu Firmware | All versions |
| Siemens | Simatic S7-300 Cpu | - |
| Siemens | Simatic S7-400H V6 Firmware | All versions |
| Siemens | Simatic S7-400H V6 | - |
| Siemens | Simatic S7-400 Pn\/Dp V7 Firmware | All versions |
| Siemens | Simatic S7-400 Pn\/Dp V7 | - |
| Siemens | Simatic S7-410 V8 Firmware | All versions |
| Siemens | Simatic S7-410 V8 | - |
| Siemens | Simatic S7-410 V10 Firmware | All versions |
| Siemens | Simatic S7-410 V10 | - |
| Siemens | Simatic S7-1500 Cpu Firmware | < 2.0.0 |
| Siemens | Simatic S7-1500 Cpu | - |
| Siemens | Simatic Tdc Cp51M1 Firmware | All versions |
| Siemens | Simatic Tdc Cp51M1 | - |
| Siemens | Simatic Tdc Cpu555 Firmware | All versions |
| Siemens | Simatic Tdc Cpu555 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/html/ssa-446448.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-446448.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfVendor Advisory
FAQ
What is CVE-2022-25622?
CVE-2022-25622 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could al...
How severe is CVE-2022-25622?
CVE-2022-25622 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25622?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Cfu Diq Firmware, Siemens Simatic Cfu Diq, Siemens Simatic Cfu Pa Firmware, Siemens Simatic Cfu Pa, Siemens Simatic S7-300 Cpu Firmware.