A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Siemens
  • 6ag1414-3em07-7ab0
  • 6ag1414-3em07-7ab0 Firmware
  • 6ag1416-3es07-7ab0
  • 6ag1416-3es07-7ab0 Firmware
  • 6es7412-2ek07-0ab0
  • 6es7412-2ek07-0ab0 Firmware
  • 6es7414-3em07-0ab0
  • 6es7414-3em07-0ab0 Firmware
  • 6es7414-3fm07-0ab0
  • 6es7414-3fm07-0ab0 Firmware
  • 6es7416-3es07-0ab0
  • 6es7416-3es07-0ab0 Firmware
  • 6es7416-3fs07-0ab0
  • 6es7416-3fs07-0ab0 Firmware
  • Simatic Pc-station Plus
  • Simatic Pc-station Plus Firmware
  • Sinamics S120
  • Sinamics S120 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:siemens:6es7412-2ek07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7412-2ek07-0ab0:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:6es7414-3em07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7414-3em07-0ab0:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:6es7414-3fm07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7414-3fm07-0ab0:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:6es7416-3es07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7416-3es07-0ab0:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:6es7416-3fs07-0ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7416-3fs07-0ab0:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:6ag1414-3em07-7ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1414-3em07-7ab0:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:6ag1416-3es07-7ab0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ag1416-3es07-7ab0:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:siemens:sinamics_s120_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.8:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.9:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1:sp1_hotfix13:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:-:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix11:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:hotfix7:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix1:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix13:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix6:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2:sp3_hotfix9:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:siemens:simatic_pc-station_plus_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_pc-station_plus:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-12-12T11:25:32.533Z

Updated: 2024-08-03T14:55:07.916Z

Reserved: 2022-12-13T14:51:37.210Z

Link: CVE-2022-47375

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-12-12T12:15:10.797

Modified: 2023-12-18T14:52:52.443

Link: CVE-2022-47375

cve-icon Redhat

No data.