Siemens SIMATIC CP Devices code execution | CVE-2022-34820
NAME
Siemens SIMATIC CP Devices code execution
- Platforms Affected:
Siemens SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)
Siemens SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)
Siemens SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)
Siemens SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)
Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)
Siemens SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0)
Siemens SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0)
Siemens SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0)
Siemens SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0)
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0)
Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0)
Siemens SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0)
Siemens SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0)
Siemens SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)
Siemens SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)
- Risk Level:
8.4
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
Siemens SIMATIC CP Devices could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to escape some user-provided fields during the authentication process. By sending a specially crafted request, an attacker could exploit this vulnerability to inject custom commands and execute arbitrary code with elevated privileges.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Adjacent Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Siemens Security Advisory SSA-517377 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34820