{ "id": "CVE-2022-40227", "sourceIdentifier": "productcert@siemens.com", "published": "2022-10-11T11:15:10.940", "lastModified": "2022-10-14T17:07:23.703", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets." }, { "lang": "es", "value":
"Se ha identificado una vulnerabilidad en los paneles SIMATIC HMI Comfort (incl. variantes SIPLUS) (Todas las versiones anteriores a V17 Actualizaci\u00f3n 4), SIMATIC HMI KTP Mobile Panels (Todas las versiones anteriores a V17 Actualizaci\u00f3n 4), SIMATIC HMI KTP1200 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIMATIC HMI KTP400 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIMATIC HMI KTP700 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIMATIC HMI KTP900 Basic (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP1200 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP400 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP700 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5), SIPLUS HMI KTP900 BASIC (Todas las versiones anteriores a V17 Actualizaci\u00f3n 5). Los dispositivos afectados no comprueban apropiadamente la entrada enviada a determinados servicios a trav\u00e9s de TCP. Esto podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio permanente (requiriendo un reinicio del dispositivo) mediante el env\u00edo de paquetes TCP especialmente dise\u00f1ados." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "productcert@siemens.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria":
"cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "8DCFD529-DCC6-42FE-8691-AE5B6695803D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "4EBEE7D5-F809-4225-9A06-7206020EBFB7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update1:*:*:*:*:*:*", "matchCriteriaId": "B09B136A-D79C-479F-B8C3-8205D9C07096" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "746EF905-2BE7-4D2D-A835-BD45A7EC0E20" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "BACB3952-99E2-4435-9ED8-062121F64B74" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BCFE761-35C9-43EF-85BC-E8083B9F75CB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "EB67AB83-24D3-44C7-88EB-9F86C1377FE6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "9C1B107D-7299-4B35-8B8A-2C7604D7E053" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "4CC31D37-01CC-47BF-B914-C01D67E5F7CF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "EB517965-7DEA-4F36-9F8C-CD2ACA70011E" }, { "vulnerable": true, "criteria": 
"cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "30D445ED-DCC8-48CC-9964-99594941E0C2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "8F89742F-A83A-47D4-9B7B-FC938E122374" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp400_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "0222A331-0D6B-4CF0-AAC8-8874A8C2920D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "8AC9BB91-C4E1-4EE3-8FB6-011D81E335B2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "EBE0FA3D-E20D-4428-9882-04008F77D7DF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "893C0FF7-56D7-42C5-8175-E9A220D9FD8B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "917B4B04-4AED-45C9-AB84-6C2033666284" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "F5DD16C0-2E48-44F5-9702-80370285A6A7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "E521B7A5-C8BD-4CBD-8D07-7173523D9947" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp700_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8615AE0-0560-4026-89E5-9122F7846318" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { 
"vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "76F77DAF-1863-4DA7-8900-56A2C3377F56" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "3F4D22C3-1A81-4CC0-94EA-D4B5AEF7103C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "66CF9CE6-C351-4F55-9CEC-EF28237A6765" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "1A113518-2D32-4C1F-ADEA-F02A24509454" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "8264F3AE-8DFF-4462-8073-BDCD45A874D4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "DA5DB18E-258F-4E50-97D6-B4067F747F9C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp900_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2CB1B6-8864-486F-B6F8-9008367C5520" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "50D8577F-6CE5-4407-A875-06321EEEA38E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "9BAD5042-0834-44DB-984D-BBC15F61C336" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "D9DA5CB7-6566-4941-980A-AEE3FB303823" }, { "vulnerable": true, "criteria": 
"cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "6C724EA7-F8D2-41A3-83D1-584980D49879" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "6DA2E685-01A0-4CFE-B0C9-457F5EF7319F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "73087669-4164-4A95-AB5B-652032BCD204" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp1200_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF65C523-5AFA-46C4-BB97-5E540A4FAF33" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "B580B36D-225C-4826-A9F7-18B98B5F6ADC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "072043EB-B855-4F1A-A326-F135C557FC1C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "EBC6C232-8DA0-46EA-9F45-6C71E43622D5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "8981B34C-287F-4121-9CF7-5F08D79D50FA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "34D094D0-A74A-4924-A969-A60E4BFC63B7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1CEB200-E38F-4629-9279-5AF065396678" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", 
"negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "3CDE46F2-DDE2-448F-9F50-324D3D5BAAAF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "3933A5FE-62D7-407D-A381-0132ECC87B95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "B8D306FA-B376-431E-87AE-CECBB36D579A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "9D45398C-11BE-4074-B48D-2B59A1861706" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "78B8C304-65CC-4AF4-8CD9-1ADC4F75FD79" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp400_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "93D82946-53FC-456F-AC56-7F29EE7B8CED" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp400_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AC3E1B0-CC2B-4C34-AB6F-C61D2DF8DCA2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "3D7E344E-50C0-46CB-BB23-DBD9C6D587EC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "0A97BEBC-ED88-4FA7-B3E2-00398B454038" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "E15BF5CD-F348-4AD5-A86A-4DE4436ECB5D" }, { "vulnerable": true, "criteria": 
"cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "70BDFDFF-3B0E-4180-B525-C36D47D49655" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "970D3ED3-27A1-4960-B3B6-21733D9E4943" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp700_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "E3BD885C-F063-41C6-837B-50281269611E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp700_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "01AADB5B-4072-447D-A9BF-A0108334D727" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "0426D469-72EE-4D66-987E-C21BDB9867CB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "431D187E-A8F3-4586-B7C8-72D98976A59B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "D652CF29-8521-45B3-AA50-55F3D4D83140" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "DADE0CDD-474E-48C5-9A17-3B9621B34218" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "1BDE0B2E-B8D4-4FD1-85B0-DAD4B5AAC160" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp900_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "02CE0AF1-7EC1-4CEF-BD42-7C4AD2684A71" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": 
"cpe:2.3:h:siemens:siplus_hmi_ktp900_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C79F9E9-D9B6-4D6B-9B6F-006E3268EEAC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.0", "matchCriteriaId": "11713C91-C989-417A-85F3-6744E9F420A4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:-:*:*:*:*:*:*", "matchCriteriaId": "031AEC4F-FCE6-4F79-B372-4D07485E20A7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:udpate1:*:*:*:*:*:*", "matchCriteriaId": "881F137C-1F01-4225-9257-08ED9F53583C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update2:*:*:*:*:*:*", "matchCriteriaId": "4B9DB1DC-EC61-4B84-8624-863B4E4954AF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update3:*:*:*:*:*:*", "matchCriteriaId": "2019CF4C-4555-4357-8B8B-63895206BEE6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:siemens:siplus_hmi_ktp1200_basic_firmware:17.0:update4:*:*:*:*:*:*", "matchCriteriaId": "B92136E9-C281-43BB-BF65-EC8729C31BB0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:siemens:siplus_hmi_ktp1200_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3F61D1C-1127-4F37-BA30-3F36830FDF20" } ] } ] } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdf", "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ] } ] }