CVE-2022-25622
Last modified
CVE-2022-25622 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.. EPSS estimates a 0.82% chance of exploitation in the next 30 days.
Description
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Cfu Diq Firmware | All versions |
| Siemens | Simatic Cfu Pa Firmware | All versions |
| Siemens | Simatic S7-300 Cpu Firmware | All versions |
| Siemens | Simatic S7-400h V6 Firmware | All versions |
| Siemens | Simatic S7-400 Pn\/Dp V7 Firmware | All versions |
| Siemens | Simatic S7-410 V8 Firmware | All versions |
| Siemens | Simatic S7-410 V10 Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu Firmware | < 2.0.0 |
| Siemens | Simatic Tdc Cp51m1 Firmware | All versions |
| Siemens | Simatic Tdc Cpu555 Firmware | All versions |
| Siemens | Simatic Winac Rtx Firmware | All versions |
| Siemens | Simit Simulation Platform | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-25622?
How severe is CVE-2022-25622?
How do I fix CVE-2022-25622?
Are you affected by CVE-2022-25622?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST