PT-2022-25295 · Siemens · Simatic Hmi Ktp1200 Basic+9

Published: 2022-10-11 · Updated: 2022-10-14 · CVE-2022-40227

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC HMI Comfort Panels (incl. SIPLUS variants) versions prior to V17 Update 4
SIMATIC HMI KTP Mobile Panels versions prior to V17 Update 4
SIMATIC HMI KTP1200 Basic versions prior to V17 Update 5
SIMATIC HMI KTP400 Basic versions prior to V17 Update 5
SIMATIC HMI KTP700 Basic versions prior to V17 Update 5
SIMATIC HMI KTP900 Basic versions prior to V17 Update 5
SIPLUS HMI KTP1200 BASIC versions prior to V17 Update 5
SIPLUS HMI KTP400 BASIC versions prior to V17 Update 5
SIPLUS HMI KTP700 BASIC versions prior to V17 Update 5
SIPLUS HMI KTP900 BASIC versions prior to V17 Update 5

Description

The affected devices do not properly validate input sent to certain services over TCP, which could allow an unauthenticated remote attacker to cause a permanent denial of service condition by sending specially crafted TCP packets. This condition would require a device reboot.

Recommendations

For SIMATIC HMI Comfort Panels (incl. SIPLUS variants) versions prior to V17 Update 4, update to V17 Update 4 or later.
For SIMATIC HMI KTP Mobile Panels versions prior to V17 Update 4, update to V17 Update 4 or later.
For SIMATIC HMI KTP1200 Basic versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIMATIC HMI KTP400 Basic versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIMATIC HMI KTP700 Basic versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIMATIC HMI KTP900 Basic versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIPLUS HMI KTP1200 BASIC versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIPLUS HMI KTP400 BASIC versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIPLUS HMI KTP700 BASIC versions prior to V17 Update 5, update to V17 Update 5 or later.
For SIPLUS HMI KTP900 BASIC versions prior to V17 Update 5, update to V17 Update 5 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-40227

Affected Products

Simatic Hmi Comfort Panels
Simatic Hmi Ktp Mobile Panels
Simatic Hmi Ktp1200 Basic
Simatic Hmi Ktp400 Basic
Simatic Hmi Ktp700 Basic
Simatic Hmi Ktp900 Basic
Siplus Hmi Ktp1200 Basic
Siplus Hmi Ktp400 Basic
Siplus Hmi Ktp700 Basic
Siplus Hmi Ktp900 Basic