First published: Tue Jul 12 2022(Updated: )
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic Cp 1242-7 V2 Firmware | ||
Siemens Simatic Cp 1242-7 V2 | ||
Siemens Simatic Cp 1243-1 Firmware | ||
Siemens Simatic Cp 1243-1 | ||
Siemens Simatic Cp 1243-7 Lte Eu Firmware | ||
Siemens SIMATIC CP 1243-7 LTE EU | ||
Siemens Simatic Cp 1243-7 Lte Us Firmware | ||
Siemens SIMATIC CP 1243-7 LTE US | ||
Siemens Simatic Cp 1243-8 Irc Firmware | ||
Siemens Simatic Cp 1243-8 Irc | ||
Siemens Simatic Cp 1542sp-1 Irc Firmware | >=2.0 | |
Siemens Simatic Cp 1542sp-1 Irc | ||
Siemens Simatic Cp 1543-1 Firmware | <3.0.22 | |
Siemens Simatic Cp 1543-1 | ||
Siemens Simatic Cp 1543sp-1 Firmware | >=2.0 | |
Siemens Simatic Cp 1543sp-1 | ||
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail Firmware | >=2.0 | |
Siemens Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Firmware | >=2.0 | |
Siemens Siplus Et 200sp Cp 1543sp-1 Isec | ||
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail Firmware | >=2.0 | |
Siemens Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail | ||
Siemens Siplus Net Cp 1242-7 V2 Firmware | ||
Siemens Siplus Net Cp 1242-7 V2 | ||
Siemens Siplus Net Cp 1543-1 Firmware | <3.0.22 | |
Siemens Siplus Net Cp 1543-1 | ||
Siemens Siplus S7-1200 Cp 1243-1 Firmware | ||
Siemens Siplus S7-1200 Cp 1243-1 | ||
Siemens Siplus S7-1200 Cp 1243-1 Rail Firmware | ||
Siemens Siplus S7-1200 Cp 1243-1 Rail |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-34819 is a vulnerability identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1, and more.
CVE-2022-34819 has a severity rating of critical (10/10).
SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1, and more are affected by CVE-2022-34819.
To resolve CVE-2022-34819, update the affected SIMATIC CP firmware versions to V3.3.46 or later.
You can find more information about CVE-2022-34819 in the following reference: https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf