CVE-2022-47374

Description

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-47374?: CVE-2022-47374 has been scored as a high severity vulnerability.
How to fix CVE-2022-47374?: To fix CVE-2022-47374, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-47374 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-47374 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-47374?: CVE-2022-47374 affects Siemens SIMATIC PC-Station Plus, Siemens SIMATIC S7-400 CPU 412-2 PN V7, Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7, Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7, Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7, Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7, Siemens SINAMICS S120 (incl. SIPLUS variants), Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7, Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7.

Description

Category

CWE-674 – Uncontrolled Recursion

References

Frequently Asked Questions