Vulnerability Details : CVE-2022-45044
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.
Vulnerability category: Denial of service
Products affected by CVE-2022-45044
- cpe:2.3:o:siemens:siprotec_5_6md85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_6md86_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_6md89_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_6mu85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ke85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sa82_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sa86_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sa87_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sd82_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sd86_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sd87_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sj81_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sj82_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sj85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sj86_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sk82_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sk85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sl82_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sl86_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sl87_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ss85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7st85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7sx85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7um85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ut82_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ut85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ut86_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ut87_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7ve85_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_7vk87_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_communication_module_ethba2el_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_communication_module_ethbb2fo_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_communication_module_ethbd2fo_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siprotec_5_compact_7sx800_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45044
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-45044
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
Siemens AG |
CWE ids for CVE-2022-45044
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by:
- nvd@nist.gov (Secondary)
- productcert@siemens.com (Primary)
References for CVE-2022-45044
-
https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf
Mitigation;Vendor Advisory
-
https://cert-portal.siemens.com/productcert/html/ssa-552874.html
SSA-552874
Jump to