PT-2022-3911 · Yokogawa · Centum Vp Entry Class (+4)

Published: 2022-07-29 · Updated: 2023-08-08 · CVE-2022-33939

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451)
CENTUM CS 3000
CENTUM CS 3000 Entry Class
CENTUM VP
CENTUM VP Entry Class

Description

The issue is related to errors in resource management, which may lead to resource consumption. If exploited, an attacker may cause a denial of service (DoS) condition by sending specially crafted packets to the affected product. This can be achieved through ADL communication.

Recommendations

For CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451), consider restricting access to the communication packets processing module to minimize the risk of exploitation. For CENTUM CS 3000, CENTUM CS 3000 Entry Class, CENTUM VP, and CENTUM VP Entry Class, restrict access to the resource management module to prevent potential denial of service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2022-04724
CVE-2022-33939

Affected Products

Centum Cs 3000
Centum Cs 3000 Entry Class
Centum Vp
Centum Vp / Cs 3000 Controller Fcs
Centum Vp Entry Class