CVE-2022-47374

Name of the Vulnerable Software and Affected Versions SIMATIC PC-Station Plus (All versions) SIMATIC S7-400 CPU 412-2 PN V7 (All versions) SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions) SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions) SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions) SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions) SINAMICS S120 (incl. SIPLUS variants) versions prior to V5.2 SP3 HF15 SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions) SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions)

Description The affected products do not handle HTTP(S) requests to the web server correctly, which could allow an attacker to exhaust system resources and create a denial of service condition for the device.

Recommendations For SIMATIC PC-Station Plus, consider restricting access to the web server to minimize the risk of exploitation. For SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, and SIMATIC S7-400 CPU 416F-3 PN/DP V7, restrict access to the web server until a patch is available. For SINAMICS S120 (incl. SIPLUS variants), update to version V5.2 SP3 HF15 or later to resolve the issue. For SIPLUS S7-400 CPU 414-3 PN/DP V7 and SIPLUS S7-400 CPU 416-3 PN/DP V7, restrict access to the web server to minimize the risk of exploitation. As a temporary workaround, consider disabling the web server functionality until a patch is available.