CVE-2022-47374
moderate-risk
Published 2023-12-12
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
Do I need to act?
0.22% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 (High), NETWORK / LOW complexity
Affected Products (20)
6ES7412-2EK07-0AB0 Firmware
6ES7414-3EM07-0AB0 Firmware
6ES7414-3FM07-0AB0 Firmware
6ES7416-3ES07-0AB0 Firmware
6ES7416-3FS07-0AB0 Firmware
6AG1414-3EM07-7AB0 Firmware
6AG1416-3ES07-7AB0 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Sinamics S120 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf
48 / 100 · moderate-risk
Severity: 26/34 · High
Exploitability: 1/34 · Minimal
Exposure: 21/34 · High