Full Report
Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver of an affected product to perform a denial of service attack. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple Denial of Service Vulnerabilities in Siemens Industrial Product Webservers
## CVE Details
- CVE ID: CVE-2022-43716, CVE-2022-43767, CVE-2022-43768
- CVSS Score: 7.5 (High)
- CWE: CWE-416 (Use After Free) for CVE-2022-43716, CWE-833 (Deadlock Vulnerability) for CVE-2022-43767, CWE-770 (Allocation of Resources Without Limits or Throttling) for CVE-2022-43768
## Affected Systems
- Products:
  - SIMATIC CP 443-1 (6GK7443-1EX30-0XE0)
  - SIMATIC CP 443-1 (6GK7443-1EX30-0XE1)
  - SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)
  - SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0)
  - SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)
  - SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)
  - (Note: The advisory also references fixes for SIMATIC CP 15xxSP-1 devices and SIMATIC S7-1200 CP 1200 family fixes updated in later versions.)
- Versions:
  - For CP 443-1 and CP 443-1 Advanced: All versions prior to V3.3.
  - For CP 1242-7 V2, CP 1243-1, and CP 1243-1 DNP3: All versions prior to V3.4.29.
- Configurations: Affects the webserver component of the listed products.
## Vulnerability Description
Multiple vulnerabilities exist specifically within the webserver of the affected Siemens industrial products. These flaws, including a Use After Free, a Deadlock, and resource allocation issues, can be leveraged by an attacker to cause a Denial of Service (DoS) condition. Successful exploitation of CVE-2022-43716 leads to a restart of the webserver.
## Exploitation
- Status: Exploitation "in the wild" is not explicitly stated; the CVSS vector carries the Exploit Code Maturity value E:P (Proof-of-Concept). The vendor discovered these vulnerabilities internally.
- Complexity: Low (AC:L)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: No Impact (C:N)
- Integrity: No Impact (I:N)
- Availability: High Impact (A:H) - Can cause the webserver to restart or become completely unavailable.
## Remediation
### Patches
- **SIMATIC CP 443-1, CP 443-1 Advanced:** Update to Version V3.3 or later.
  - Support Link: hXXps://support.industry.siemens.com/cs/ww/en/view/109817938/
- **SIMATIC CP 1242-7 V2, CP 1243-1, CP 1243-1 DNP3:** Update to Version V3.4.29 or later.
  - Support Link: hXXps://support.industry.siemens.com/cs/ww/en/view/109823721/
- (Note: Refer to the vendor advisory for the most recent updates covering other affected product lines.)
### Workarounds
- Consult the specific section in the vendor advisory titled "Workarounds and Mitigations" for temporary solutions if immediate patching is not possible. (Specific details on workarounds are not provided in this summary text block.)
## Detection
- The advisory focuses on patch deployment rather than specific IOCs, as the primary impact is DoS.
- Detection should center on monitoring network connectivity and health checks for the webserver interface of the affected devices, looking for unexpected restarts or periods of unresponsiveness originating from network activity.
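
One way to implement the health-check monitoring described above, as an added example that is not part of the advisory or any Siemens tooling: it scans a constructed probe log for runs of failed webserver probes and separates brief gaps from sustained or ongoing unavailability. The device names, the log format and the 60-second threshold are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <device> <ok|fail>", one line per HTTP health
# probe against a device's webserver. Names and format are assumptions.
SAMPLE_LOG = """\
2024-01-10T08:00:00 cp443-a ok
2024-01-10T08:00:30 cp443-a fail
2024-01-10T08:01:00 cp443-a ok
2024-01-10T08:01:30 cp443-a fail
2024-01-10T08:02:00 cp443-a ok
2024-01-10T08:00:00 cp1243-b ok
2024-01-10T08:00:30 cp1243-b fail
2024-01-10T08:01:30 cp1243-b fail
2024-01-10T08:02:30 cp1243-b ok
2024-01-10T08:00:00 cp1242-c ok
2024-01-10T08:00:30 cp1242-c fail
"""

def find_outages(log, brief_max=timedelta(seconds=60)):
    """Return [(device, start, end_or_None, kind)], one per run of failed probes."""
    by_device = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, device, state = line.split()
        by_device[device].append((datetime.fromisoformat(ts), state == "ok"))
    outages = []
    for device, probes in by_device.items():
        start = None
        for ts, ok in sorted(probes):
            if not ok and start is None:
                start = ts                      # first failed probe opens an outage
            elif ok and start is not None:      # recovery closes it
                kind = "brief" if ts - start <= brief_max else "sustained"
                outages.append((device, start, ts, kind))
                start = None
        if start is not None:                   # still failing at end of log
            outages.append((device, start, None, "ongoing"))
    return outages

def repeated_brief(outages, min_count=2):
    """Devices with several brief gaps: candidates for correlation with network traffic."""
    counts = Counter(dev for dev, _, _, kind in outages if kind == "brief")
    return sorted(dev for dev, n in counts.items() if n >= min_count)
```

Outage windows returned by `find_outages` can be lined up against firewall or flow logs for the same interval to see whether the unresponsiveness coincides with inbound traffic to the webserver port.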
## References
- Vendor Advisory: Siemens SSA-566905
- Siemens ProductCERT General Inquiries: hXXps://www.siemens.com/cert/advisories