PT-2022-22371 · Siemens · SIMATIC CP 1243-1 +13

Published 2022-07-12 · Updated 2023-03-14 · CVE-2022-34819

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC CP 1242-7 V2 versions prior to V3.3.46
SIMATIC CP 1243-1 versions prior to V3.3.46
SIMATIC CP 1243-7 LTE EU versions prior to V3.3.46
SIMATIC CP 1243-7 LTE US versions prior to V3.3.46
SIMATIC CP 1243-8 IRC versions prior to V3.3.46
SIMATIC CP 1542SP-1 IRC versions 2.0 through 2.2.28
SIMATIC CP 1543-1 versions prior to V3.0.22
SIMATIC CP 1543SP-1 versions 2.0 through 2.2.28
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions 2.0 through 2.2.28
SIPLUS ET 200SP CP 1543SP-1 ISEC versions 2.0 through 2.2.28
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions 2.0 through 2.2.28
SIPLUS NET CP 1242-7 V2 versions prior to V3.3.46
SIPLUS NET CP 1543-1 versions prior to V3.0.22
SIPLUS S7-1200 CP 1243-1 versions prior to V3.3.46
SIPLUS S7-1200 CP 1243-1 RAIL versions prior to V3.3.46

Description

The application lacks proper validation of user-supplied data when parsing specific messages, which could result in a heap-based buffer overflow. An attacker could leverage this issue to execute code in the context of the device.

Recommendations

For SIMATIC CP 1242-7 V2 versions prior to V3.3.46, update to version V3.3.46 or later.
For SIMATIC CP 1243-1 versions prior to V3.3.46, update to version V3.3.46 or later.
For SIMATIC CP 1243-7 LTE EU versions prior to V3.3.46, update to version V3.3.46 or later.
For SIMATIC CP 1243-7 LTE US versions prior to V3.3.46, update to version V3.3.46 or later.
For SIMATIC CP 1243-8 IRC versions prior to V3.3.46, update to version V3.3.46 or later.
For SIMATIC CP 1542SP-1 IRC versions 2.0 through 2.2.28, update to version 2.2.28 or later.
For SIMATIC CP 1543-1 versions prior to V3.0.22, update to version V3.0.22 or later.
For SIMATIC CP 1543SP-1 versions 2.0 through 2.2.28, update to version 2.2.28 or later.
For SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions 2.0 through 2.2.28, update to version 2.2.28 or later.
For SIPLUS ET 200SP CP 1543SP-1 ISEC versions 2.0 through 2.2.28, update to version 2.2.28 or later.
For SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions 2.0 through 2.2.28, update to version 2.2.28 or later.
For SIPLUS NET CP 1242-7 V2 versions prior to V3.3.46, update to version V3.3.46 or later.
For SIPLUS NET CP 1543-1 versions prior to V3.0.22, update to version V3.0.22 or later.
For SIPLUS S7-1200 CP 1243-1 versions prior to V3.3.46, update to version V3.3.46 or later.
For SIPLUS S7-1200 CP 1243-1 RAIL versions prior to V3.3.46, update to version V3.3.46 or later.

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-34819

Affected Products

SIMATIC CP 1242-7 V2
SIMATIC CP 1243-1
SIMATIC CP 1243-7 LTE EU
SIMATIC CP 1243-7 LTE US
SIMATIC CP 1243-8 IRC
SIMATIC CP 1542SP-1 IRC
SIMATIC CP 1543SP-1
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL
SIPLUS ET 200SP CP 1543SP-1 ISEC
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
SIPLUS NET CP 1242-7 V2
SIPLUS NET CP 1543-1
SIPLUS S7-1200 CP 1243-1
SIPLUS S7-1200 CP 1243-1 RAIL