CVE-2022-40227 — HIGH (7.5)

Q: How severe is CVE-2022-40227?

CVE-2022-40227 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-40227?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Hmi Comfort Panels Firmware, Siemens Simatic Hmi Comfort Panels, Siemens Simatic Hmi Ktp400 Basic Firmware, Siemens Simatic Hmi Ktp400 Basic, Siemens Simatic Hmi Ktp700 Basic Firmware.

Vulnerability Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Simatic Hmi Comfort Panels Firmware	< 17.0
Siemens	Simatic Hmi Comfort Panels	-
Siemens	Simatic Hmi Ktp400 Basic Firmware	< 17.0
Siemens	Simatic Hmi Ktp400 Basic	-
Siemens	Simatic Hmi Ktp700 Basic Firmware	< 17.0
Siemens	Simatic Hmi Ktp700 Basic	-
Siemens	Simatic Hmi Ktp900 Basic Firmware	< 17.0
Siemens	Simatic Hmi Ktp900 Basic	-
Siemens	Simatic Hmi Ktp1200 Basic Firmware	< 17.0
Siemens	Simatic Hmi Ktp1200 Basic	-
Siemens	Simatic Hmi Ktp Mobile Panels Firmware	< 17.0
Siemens	Simatic Hmi Ktp Mobile Panels	-
Siemens	Siplus Hmi Ktp400 Basic Firmware	< 17.0
Siemens	Siplus Hmi Ktp400 Basic	-
Siemens	Siplus Hmi Ktp700 Basic Firmware	< 17.0
Siemens	Siplus Hmi Ktp700 Basic	-
Siemens	Siplus Hmi Ktp900 Basic Firmware	< 17.0
Siemens	Siplus Hmi Ktp900 Basic	-
Siemens	Siplus Hmi Ktp1200 Basic Firmware	< 17.0
Siemens	Siplus Hmi Ktp1200 Basic	-

Related Weaknesses (CWE)

CWE-20

References

https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdfVendor Advisory

FAQ

What is CVE-2022-40227?

CVE-2022-40227 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP120...

How severe is CVE-2022-40227?

CVE-2022-40227 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40227?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Hmi Comfort Panels Firmware, Siemens Simatic Hmi Comfort Panels, Siemens Simatic Hmi Ktp400 Basic Firmware, Siemens Simatic Hmi Ktp400 Basic, Siemens Simatic Hmi Ktp700 Basic Firmware.