CVE-2022-47375
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly.
This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC PC-Station Plus | All versions | affected |
| Siemens | SIMATIC S7-400 CPU 412-2 PN V7 | All versions | affected |
| Siemens | SIMATIC S7-400 CPU 414-3 PN/DP V7 | All versions | affected |
| Siemens | SIMATIC S7-400 CPU 414F-3 PN/DP V7 | All versions | affected |
| Siemens | SIMATIC S7-400 CPU 416-3 PN/DP V7 | All versions | affected |
| Siemens | SIMATIC S7-400 CPU 416F-3 PN/DP V7 | All versions | affected |
| Siemens | SINAMICS S120 (incl. SIPLUS variants) | All versions < V5.2 SP3 HF15 | affected |
| Siemens | SIPLUS S7-400 CPU 414-3 PN/DP V7 | All versions | affected |
| Siemens | SIPLUS S7-400 CPU 416-3 PN/DP V7 | All versions | affected |
Weaknesses
- CWE-805: CWE-805: Buffer Access with Incorrect Length Value
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.