Vulnerability Details CVE-2022-47374
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly.
This could allow an attacker to exhaust system resources and create a denial of service condition for the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-47374
-
cpe:2.3:h:siemens:6ag1414-3em07-7ab0:-
-
cpe:2.3:h:siemens:6ag1416-3es07-7ab0:-
-
cpe:2.3:h:siemens:6es7412-2ek07-0ab0:-
-
cpe:2.3:h:siemens:6es7414-3em07-0ab0:-
-
cpe:2.3:h:siemens:6es7414-3fm07-0ab0:-
-
cpe:2.3:h:siemens:6es7416-3es07-0ab0:-
-
cpe:2.3:h:siemens:6es7416-3fs07-0ab0:-
-
cpe:2.3:h:siemens:simatic_pc-station_plus:-
-
cpe:2.3:h:siemens:sinamics_s120:-
-
cpe:2.3:o:siemens:6ag1414-3em07-7ab0_firmware:*
-
cpe:2.3:o:siemens:6ag1416-3es07-7ab0_firmware:*
-
cpe:2.3:o:siemens:6es7412-2ek07-0ab0_firmware:*
-
cpe:2.3:o:siemens:6es7414-3em07-0ab0_firmware:*
-
cpe:2.3:o:siemens:6es7414-3fm07-0ab0_firmware:*
-
cpe:2.3:o:siemens:6es7416-3es07-0ab0_firmware:*
-
cpe:2.3:o:siemens:6es7416-3fs07-0ab0_firmware:*
-
cpe:2.3:o:siemens:simatic_pc-station_plus_firmware:*
-
cpe:2.3:o:siemens:sinamics_s120_firmware:-
-
cpe:2.3:o:siemens:sinamics_s120_firmware:4.7
-
cpe:2.3:o:siemens:sinamics_s120_firmware:4.8
-
cpe:2.3:o:siemens:sinamics_s120_firmware:4.9
-
cpe:2.3:o:siemens:sinamics_s120_firmware:5.0
-
cpe:2.3:o:siemens:sinamics_s120_firmware:5.1
-
cpe:2.3:o:siemens:sinamics_s120_firmware:5.2