QID 591370
Date Published: 2023-04-03
QID 591370: Siemens SIMATIC HMI Panels Improper Input Validation Vulnerability (ICSA-22-286-14, SSA-384224)
AFFECTED PRODUCTS
SIMATIC HMI Comfort Panels (incl. SIPLUS variants): All versions prior to V17 Update 4
SIMATIC HMI KTP400 Basic (6AV2123-2DB03-0AX0): All versions prior to V17 Update 5
SIMATIC HMI KTP700 Basic (6AV2123-2GB03-0AX0): All versions prior to V17 Update 5
SIMATIC HMI KTP900 Basic (6AV2123-2JB03-0AX0): All versions prior to V17 Update 5
SIMATIC HMI KTP1200 Basic (6AV2123-2MB03-0AX0): All versions prior to V17 Update 5
SIMATIC HMI KTP Mobile Panels: All versions prior to V17 Update 4
SIPLUS HMI KTP400 BASIC (6AG1123-2DB03-2AX0): All versions prior to V17 Update 5
SIPLUS HMI KTP700 BASIC (6AG1123-2GB03-2AX0): All versions prior to V17 Update 5
SIPLUS HMI KTP900 BASIC (6AG1123-2JB03-2AX0): All versions prior to V17 Update 5
SIPLUS HMI KTP1200 BASIC (6AG1123-2MB03-2AX0): All versions prior to V17 Update 5
QID Detection Logic:
This QID checks for the Vulnerable version of Ovarro TBox using passive scanning.
Successful exploitation of this vulnerability could allow an attacker to cause a permanent denial-of-service condition by sending specially crafted TCP packets. This condition would then require a device reboot.
Customers are advised to refer to CERT MITIGATIONS section icsa-22-286-14 for affected packages and patching details.
- icsa-22-286-14 -
www.cisa.gov/uscert/ics/advisories/icsa-22-286-14
CVEs related to QID 591370
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| SSA-384224 |
cert-portal.siemens.com/productcert/html/ssa-384224.html |
||
| icsa-22-286-14 |
www.cisa.gov/uscert/ics/advisories/icsa-22-286-14 |