CVE-2022-27194

Name of the Vulnerable Software and Affected Versions SIMATIC PCS neo versions prior to V3.1 SP1 SINETPLAN versions prior to any specified fix TIA Portal versions V15 through V17

Description The issue is related to an uncontrolled resource consumption in the TIA Portal, SINETPLAN, and SIMATIC PCS neo systems. It can be exploited by a remote attacker who sends specially crafted packets to the TCP port 8888, potentially causing a Denial-of-Service condition. The affected system would need to be restarted manually.

Recommendations For SIMATIC PCS neo versions prior to V3.1 SP1, update to version V3.1 SP1 or later. For SINETPLAN, since no specific fix version is mentioned, restart the system manually after an attack to restore service. For TIA Portal versions V15 through V17, restart the system manually after an attack to restore service. As a temporary workaround, consider restricting access to the TCP port 8888 to minimize the risk of exploitation.