Publication Date:
Last Update:
Current Version: V2.2
CVSS v3.1 Base Score: 5.3
Un-/Collapse All
Affected Product and Versions Remediation

All versions < V2.0.0
affected by CVE-2022-25622

All versions < V2.0.0
affected by CVE-2022-25622

All versions >= V5.1.1 < V5.1.2
affected by CVE-2022-25622

All versions >= V5.1.1 < V5.1.2
affected by CVE-2022-25622

All versions >= V5.1.1 < V5.1.2
affected by CVE-2022-25622

All versions >= V5.1.1 < V5.1.3
affected by CVE-2022-25622

All versions >= V5.1.1 < V5.1.2
affected by CVE-2022-25622

All versions >= V5.1.1 < V5.1.2
affected by CVE-2022-25622

All versions
affected by CVE-2022-25622
Currently no fix is planned
Expand children
Currently no fix is planned

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned
Expand children
Currently no fix is planned
Expand children
Currently no fix is planned

All versions >= V4.2.0
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions >= 4.2
affected by CVE-2022-25622
Currently no fix is planned

All versions < V3.3.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions < V6.0.10
affected by CVE-2022-25622

All versions < V8.2.3
affected by CVE-2022-25622

All versions < V10.1.1
affected by CVE-2022-25622

All versions < V1.1.10
affected by CVE-2022-25622

All versions < V1.2.1
affected by CVE-2022-25622

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions < V1.5 SP1 with Ethernet interface
affected by CVE-2022-25622

All versions < V4.7.14 with Ethernet interface
affected by CVE-2022-25622

All versions < V4.7.14 with Ethernet interface
affected by CVE-2022-25622

All versions < V4.7 SP14 with Ethernet interface
affected by CVE-2022-25622

All versions < V5.2.3.13
affected by CVE-2022-25622

All versions < V5.2.3.13
affected by CVE-2022-25622

All versions with Ethernet interface
affected by CVE-2022-25622
Currently no fix is planned

All versions < V5.2 SP3 HF13
affected by CVE-2022-25622
Update to V5.2 SP3 HF13 or later version

All versions < V5.2.3.13
affected by CVE-2022-25622

All versions < V5.2 SP3 HF18
affected by CVE-2022-25622
Update to V5.2 SP3 HF18 or later version

All versions < V1.04.04 with Ethernet interface
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions >= 4.2
affected by CVE-2022-25622
Currently no fix is planned

All versions < V3.3.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions < V3.2.19
affected by CVE-2022-25622

All versions
affected by CVE-2022-25622
Currently no fix is planned

All versions
affected by CVE-2022-25622
Currently no fix is planned
  • Limit access to port 102/tcp to trusted users and systems only

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CWE CWE-400: Uncontrolled Resource Consumption

https://www.siemens.com/cert/advisories
V1.0 (2022-04-12): Publication Date
V1.1 (2022-06-14): Added ET200SP/MP/AL/EcoPN, PN/xx Coupler, SIPLUS HCS4x00 and SINAMICS products to the list of affected products
V1.2 (2022-07-12): Added SINAMICS S110/V90/DCM products to the list of affected products. Additional details added to SINAMICS affected versions
V1.3 (2022-08-09): Added fix for SIMATIC S7-410 CPU family
V1.4 (2022-10-11): Added fix for SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants); removed SIMIT Simulation Platform as not affected
V1.5 (2022-12-13): Added fix for SIMATIC S7-410 V10 CPU family and SIMATIC TDC
V1.6 (2023-01-10): No fix planned for SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), added fix for SINAMICS S120 (incl. SIPLUS variants)
V1.7 (2023-02-14): Added additional SIMATIC ET200ecoPN products (CM 4x IO-Link, M12-L / CM 8x IO-Link, M12-L / AI 8xRTD/TC, M12-L) to the list of affected products
V1.8 (2023-04-11): Added fix for SINAMICS G130, G150, S150
V1.9 (2023-07-11): Added fix for SINAMICS G110M, G115D, G120; Expanded SIMATIC S7-400 V7 CPU family to individual products and MLFBs; clarified that no fix is planned for SIMATIC S7-400 PN/DP V7 CPUs, while other S7-400 V7 CPUs are not affected
V2.0 (2024-05-14): Added fix for several SIMATIC ET200ecoPN devices
V2.1 (2024-06-11): Added fix for SINAMICS S210, SIMATIC CFU DIQ and SIMATIC CFU PA
V2.2 (2024-07-09): Added fix for SINAMICS DCM and SINAMICS V90; clarified that no fix is planned for SINAMICS S110; listed affected products individually instead of product families (e.g., for SIMATIC ET 200AL/MP/SP/pro IM families); added affected SIPLUS devices (e.g., SIPLUS ET 200xx IM)