PT-2023-9401 · Siemens · Siplus S7-1200 Cp 1243-1 Rail+20
Published
2023-04-11
·
Updated
2024-09-10
·
CVE-2022-43768
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
SIMATIC CP 1242-7 V2 versions prior to V3.4.29
SIMATIC CP 1243-1 versions prior to V3.4.29
SIMATIC CP 1243-1 DNP3 versions prior to V3.4.29
SIMATIC CP 1243-1 IEC versions prior to V3.4.29
SIMATIC CP 1243-7 LTE EU versions prior to V3.4.29
SIMATIC CP 1243-7 LTE US versions prior to V3.4.29
SIMATIC CP 1243-8 IRC versions prior to V3.4.29
SIMATIC CP 1542SP-1 versions prior to V2.3
SIMATIC CP 1542SP-1 IRC versions prior to V2.3
SIMATIC CP 1543SP-1 versions prior to V2.3
SIMATIC CP 443-1 versions prior to V3.3
SIMATIC CP 443-1 Advanced versions prior to V3.3
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions prior to V2.3
SIPLUS ET 200SP CP 1543SP-1 ISEC versions prior to V2.3
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions prior to V2.3
SIPLUS NET CP 1242-7 V2 versions prior to V3.4.29
SIPLUS NET CP 443-1 versions prior to V3.3
SIPLUS NET CP 443-1 Advanced versions prior to V3.3
SIPLUS S7-1200 CP 1243-1 versions prior to V3.4.29
SIPLUS S7-1200 CP 1243-1 RAIL versions prior to V3.4.29
SIPLUS TIM 1531 IRC versions prior to V2.3.6
TIM 1531 IRC versions prior to V2.3.6
Description
The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. The vulnerability is related to the distribution of resources without limits and regulation.
Recommendations
As a temporary workaround, consider disabling the webserver of the affected products until a patch is available.
Restrict access to the webserver to minimize the risk of exploitation.
Update SIMATIC CP 1242-7 V2 to version V3.4.29 or later.
Update SIMATIC CP 1243-1 to version V3.4.29 or later.
Update SIMATIC CP 1243-1 DNP3 to version V3.4.29 or later.
Update SIMATIC CP 1243-1 IEC to version V3.4.29 or later.
Update SIMATIC CP 1243-7 LTE EU to version V3.4.29 or later.
Update SIMATIC CP 1243-7 LTE US to version V3.4.29 or later.
Update SIMATIC CP 1243-8 IRC to version V3.4.29 or later.
Update SIMATIC CP 1542SP-1 to version V2.3 or later.
Update SIMATIC CP 1542SP-1 IRC to version V2.3 or later.
Update SIMATIC CP 1543SP-1 to version V2.3 or later.
Update SIMATIC CP 443-1 to version V3.3 or later.
Update SIMATIC CP 443-1 Advanced to version V3.3 or later.
Update SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL to version V2.3 or later.
Update SIPLUS ET 200SP CP 1543SP-1 ISEC to version V2.3 or later.
Update SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL to version V2.3 or later.
Update SIPLUS NET CP 1242-7 V2 to version V3.4.29 or later.
Update SIPLUS NET CP 443-1 to version V3.3 or later.
Update SIPLUS NET CP 443-1 Advanced to version V3.3 or later.
Update SIPLUS S7-1200 CP 1243-1 to version V3.4.29 or later.
Update SIPLUS S7-1200 CP 1243-1 RAIL to version V3.4.29 or later.
Update SIPLUS TIM 1531 IRC to version V2.3.6 or later.
Update TIM 1531 IRC to version V2.3.6 or later.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cp 1242-7 V2
Simatic Cp 1243-1
Simatic Cp 1243-1 Dnp3
Simatic Cp 1243-1 Iec
Simatic Cp 1243-7 Lte Eu
Simatic Cp 1243-7 Lte Us
Simatic Cp 1243-8 Irc
Simatic Cp 1542Sp-1 Irc
Simatic Cp 1543Sp-1
Simatic Cp 443-1
Simatic Cp 443-1 Advanced
Siplus Et 200Sp Cp 1542Sp-1 Irc Tx Rail
Siplus Et 200Sp Cp 1543Sp-1 Isec
Siplus Et 200Sp Cp 1543Sp-1 Isec Tx Rail
Siplus Net Cp 1242-7 V2
Siplus Net Cp 443-1
Siplus Net Cp 443-1 Advanced
Siplus S7-1200 Cp 1243-1
Siplus S7-1200 Cp 1243-1 Rail
Siplus Tim 1531 Irc
Tim 1531 Irc