CVE-2022-43767

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-43767
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_443-1_advanced:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc_diagbase_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:siplus_net_cp_443-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_443-1:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:siplus_net_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:siemens:siplus_tim_1531_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*
History

09 May 2023, 13:15

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-833
Summary A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

19 Apr 2023, 20:01

Type Values Removed Values Added
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf - Vendor Advisory
First Time Siemens simatic Cp 1243-7 Lte Us Firmware
Siemens simatic Cp 1243-1 Dnp3
Siemens simatic Cp 1243-1 Firmware
Siemens simatic Cp 1243-1
Siemens siplus S7-1200 Cp 1243-1 Firmware
Siemens simatic Cp 1242-7 V2 Firmware
Siemens siplus Net Cp 443-1 Firmware
Siemens simatic Cp 1243-1 Iec
Siemens simatic Cp 1243-7 Lte Eu Firmware
Siemens simatic Cp 1242-7 V2
Siemens siplus Et 200sp Cp 1543sp-1 Isec Tx Rail Firmware
Siemens siplus Et 200sp Cp 1543sp-1 Isec Firmware
Siemens siplus Tim 1531 Irc Firmware
Siemens simatic Cp 1543sp-1
Siemens siplus Net Cp 1242-7 V2
Siemens simatic Cp 1543sp-1 Firmware
Siemens simatic Cp 443-1 Advanced
Siemens simatic Cp 1542sp-1
Siemens simatic Cp 1542sp-1 Irc
Siemens siplus Et 200sp Cp 1542sp-1 Irc Tx Rail
Siemens simatic Cp 1243-7 Lte Eu
Siemens simatic Cp 1542sp-1 Firmware
Siemens simatic Cp 1243-8 Irc
Siemens simatic Cp 443-1 Advanced Firmware
Siemens simatic Cp 1243-1 Iec Firmware
Siemens simatic Cp 443-1 Firmware
Siemens simatic Ipc Diagmonitor Firmware
Siemens siplus Net Cp 443-1 Advanced Firmware
Siemens tim 1531 Irc
Siemens simatic Cp 1542sp-1 Irc Firmware
Siemens simatic Ipc Diagbase Firmware
Siemens siplus S7-1200 Cp 1243-1 Rail
Siemens tim 1531 Irc Firmware
Siemens simatic Ipc Diagmonitor
Siemens
Siemens siplus Net Cp 443-1
Siemens siplus Et 200sp Cp 1543sp-1 Isec Tx Rail
Siemens simatic Ipc Diagbase
Siemens siplus Et 200sp Cp 1543sp-1 Isec
Siemens simatic Cp 1243-1 Dnp3 Firmware
Siemens siplus Net Cp 1242-7 V2 Firmware
Siemens siplus Tim 1531 Irc
Siemens siplus S7-1200 Cp 1243-1 Rail Firmware
Siemens simatic Cp 1243-7 Lte Us
Siemens siplus Net Cp 443-1 Advanced
Siemens siplus S7-1200 Cp 1243-1
Siemens simatic Cp 443-1
Siemens siplus Et 200sp Cp 1542sp-1 Irc Tx Rail Firmware
Siemens simatic Cp 1243-8 Irc Firmware
CPE cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_net_cp_443-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_443-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_ipc_diagbase_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_net_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_tim_1531_irc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_443-1_advanced:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*
CWE CWE-833 NVD-CWE-noinfo

11 Apr 2023, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-11 10:15

Updated : 2023-12-10 15:01

NVD link : CVE-2022-43767

Mitre link : CVE-2022-43767

CVE.ORG link : CVE-2022-43767

JSON object : View

Products Affected

siemens

  • siplus_tim_1531_irc
  • simatic_cp_443-1_firmware
  • tim_1531_irc
  • simatic_cp_1243-7_lte_us
  • simatic_cp_1543sp-1_firmware
  • siplus_tim_1531_irc_firmware
  • simatic_cp_1243-8_irc
  • simatic_cp_443-1_advanced_firmware
  • siplus_et_200sp_cp_1543sp-1_isec_tx_rail
  • simatic_cp_1243-1_firmware
  • siplus_net_cp_443-1_advanced_firmware
  • simatic_cp_1542sp-1_irc
  • simatic_cp_1243-7_lte_eu
  • tim_1531_irc_firmware
  • simatic_cp_1243-1_dnp3
  • simatic_cp_1543sp-1
  • simatic_cp_1243-1_iec_firmware
  • simatic_cp_1242-7_v2_firmware
  • siplus_et_200sp_cp_1542sp-1_irc_tx_rail
  • siplus_et_200sp_cp_1543sp-1_isec
  • simatic_cp_443-1
  • simatic_ipc_diagmonitor
  • simatic_ipc_diagmonitor_firmware
  • siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware
  • simatic_cp_1542sp-1_firmware
  • simatic_ipc_diagbase_firmware
  • simatic_cp_1542sp-1
  • siplus_s7-1200_cp_1243-1_rail_firmware
  • simatic_cp_1242-7_v2
  • simatic_cp_1243-7_lte_eu_firmware
  • simatic_cp_1542sp-1_irc_firmware
  • siplus_s7-1200_cp_1243-1_rail
  • simatic_cp_1243-8_irc_firmware
  • siplus_s7-1200_cp_1243-1_firmware
  • siplus_s7-1200_cp_1243-1
  • siplus_et_200sp_cp_1543sp-1_isec_firmware
  • siplus_net_cp_443-1_firmware
  • siplus_net_cp_1242-7_v2_firmware
  • siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware
  • simatic_cp_1243-1_dnp3_firmware
  • siplus_net_cp_443-1
  • simatic_ipc_diagbase
  • siplus_net_cp_1242-7_v2
  • simatic_cp_443-1_advanced
  • siplus_net_cp_443-1_advanced
  • simatic_cp_1243-7_lte_us_firmware
  • simatic_cp_1243-1
  • simatic_cp_1243-1_iec
CWE
CWE-833

Deadlock

NVD-CWE-noinfo