Vulnerability Details CVE-2022-25622
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.
This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2022-25622
-
cpe:2.3:a:siemens:simit_simulation_platform:-
-
cpe:2.3:a:siemens:simit_simulation_platform:10.3
-
cpe:2.3:h:siemens:simatic_cfu_diq:-
-
cpe:2.3:h:siemens:simatic_cfu_pa:-
-
cpe:2.3:h:siemens:simatic_s7-1500_cpu:-
-
cpe:2.3:h:siemens:simatic_s7-300_cpu:-
-
cpe:2.3:h:siemens:simatic_s7-400_pn/dp_v7:-
-
cpe:2.3:h:siemens:simatic_s7-400h_v6:-
-
cpe:2.3:h:siemens:simatic_s7-410_v10:-
-
cpe:2.3:h:siemens:simatic_s7-410_v8:-
-
cpe:2.3:h:siemens:simatic_tdc_cp51m1:-
-
cpe:2.3:h:siemens:simatic_tdc_cpu555:-
-
cpe:2.3:h:siemens:simatic_winac_rtx:-
-
cpe:2.3:o:siemens:simatic_cfu_diq_firmware:-
-
cpe:2.3:o:siemens:simatic_cfu_pa_firmware:-
-
cpe:2.3:o:siemens:simatic_cfu_pa_firmware:1.2.0
-
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.5.1
-
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.6
-
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.8.2
-
cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:2.0
-
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-
-
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:3.2.17
-
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:3.3.17
-
cpe:2.3:o:siemens:simatic_s7-400_pn/dp_v7_firmware:-
-
cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:-
-
cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:6.0.8
-
cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:6.0.9
-
cpe:2.3:o:siemens:simatic_s7-410_v10_firmware:-
-
cpe:2.3:o:siemens:simatic_s7-410_v8_firmware:-
-
cpe:2.3:o:siemens:simatic_s7-410_v8_firmware:8.2.2
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:-
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.0.0
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.0.1
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.0
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.2
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.3
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.4
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.6
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.7
-
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:1.1.8
-
cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:-
-
cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:1.1.1
-
cpe:2.3:o:siemens:simatic_winac_rtx_firmware:-
-
cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010