CVE-2022-25622 MEDIUM

CVE-2022-25622

Vendor Siemens

Product SIMATIC CFU DIQ

Weakness CWE-400

Published April 12, 2022

Last update April 21, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

What the vulnerability does

01Description

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Key dates

02Disclosure timeline

April 12, 2022 CVE published

April 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-25622 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2022-25622

CWE CWE-400

CVSS 5.3 / MEDIUM

Affected versions

Vendor Siemens

Product SIMATIC CFU DIQ

Affected < V2.0.0

Vendor Siemens

Product SIMATIC CFU PA

Affected < V2.0.0

Vendor Siemens

Product SIMATIC ET 200AL IM 157-1 PN

Affected All versions

Vendor Siemens

Product SIMATIC ET 200MP IM 155-5 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIMATIC ET 200pro IM 154-8 PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC ET 200pro IM 154-8F PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC ET 200pro IM 154-8FX PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC ET 200S IM 151-8 PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC ET 200S IM 151-8F PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC ET 200SP IM 155-6 MF HF

Affected < *

Vendor Siemens

Product SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)

Affected All versions

Vendor Siemens

Product SIMATIC ET 200SP IM 155-6 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIMATIC ET 200SP IM 155-6 PN/2 HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIMATIC ET 200SP IM 155-6 PN/3 HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, DI 16x24VDC, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, DI 8x24VDC, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L

Affected ≥ V5.1.1 and < V5.1.3

Vendor Siemens

Product SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L

Affected ≥ V5.1.1 and < V5.1.2

Vendor Siemens

Product SIMATIC PN/MF Coupler

Affected All versions

Vendor Siemens

Product SIMATIC PN/PN Coupler

Affected All versions >= 4.2

Vendor Siemens

Product SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)

Affected All versions < V2.0.0

Vendor Siemens

Product SIMATIC S7-300 CPU 314C-2 PN/DP

Affected All versions < V3.3.19

Vendor Siemens

Product SIMATIC S7-300 CPU 315-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 315F-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 315T-3 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 317-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 317F-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 317T-3 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 317TF-3 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 319-3 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-300 CPU 319F-3 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIMATIC S7-400 CPU 412-2 PN V7

Affected < *

Vendor Siemens

Product SIMATIC S7-400 CPU 414-3 PN/DP V7

Affected < *

Vendor Siemens

Product SIMATIC S7-400 CPU 414F-3 PN/DP V7

Affected < *

Vendor Siemens

Product SIMATIC S7-400 CPU 416-3 PN/DP V7

Affected < *

Vendor Siemens

Product SIMATIC S7-400 CPU 416F-3 PN/DP V7

Affected < *

Vendor Siemens

Product SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)

Affected < V6.0.10

Vendor Siemens

Product SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)

Affected All versions < V10.1.1

Vendor Siemens

Product SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)

Affected < V8.2.3

Vendor Siemens

Product SIMATIC TDC CP51M1

Affected < V1.1.10

Vendor Siemens

Product SIMATIC TDC CPU555

Affected < V1.2.1

Vendor Siemens

Product SIMATIC WinAC RTX 2010

Affected All versions

Vendor Siemens

Product SIMATIC WinAC RTX F 2010

Affected All versions

Vendor Siemens

Product SINAMICS DCM

Affected < V1.5 SP1

Vendor Siemens

Product SINAMICS G110M

Affected < V4.7.14

Vendor Siemens

Product SINAMICS G115D

Affected < V4.7.14

Vendor Siemens

Product SINAMICS G120 (incl. SIPLUS variants)

Affected < V4.7 SP14

Vendor Siemens

Product SINAMICS G130

Affected < V5.2.3.13

Vendor Siemens

Product SINAMICS G150

Affected < V5.2.3.13

Vendor Siemens

Product SINAMICS S110

Affected < *

Vendor Siemens

Product SINAMICS S120 (incl. SIPLUS variants)

Affected < V5.2 SP3 HF13

Vendor Siemens

Product SINAMICS S150

Affected < V5.2.3.13

Vendor Siemens

Product SINAMICS S210 (6SL5...)

Affected < V5.2 SP3 HF18

Vendor Siemens

Product SINAMICS V90

Affected < V1.04.04

Vendor Siemens

Product SIPLUS ET 200MP IM 155-5 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200MP IM 155-5 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200S IM 151-8 PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIPLUS ET 200S IM 151-8F PN/DP CPU

Affected All versions < V3.2.19

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS ET 200SP IM 155-6 PN HF TX RAIL

Affected ≥ V4.2.0 and < *

Vendor Siemens

Product SIPLUS HCS4200 CIM4210

Affected All versions

Vendor Siemens

Product SIPLUS HCS4200 CIM4210C

Affected All versions

Vendor Siemens

Product SIPLUS HCS4300 CIM4310

Affected All versions

Vendor Siemens

Product SIPLUS NET PN/PN Coupler

Affected All versions >= 4.2

Vendor Siemens

Product SIPLUS S7-300 CPU 314C-2 PN/DP

Affected All versions < V3.3.19

Vendor Siemens

Product SIPLUS S7-300 CPU 315-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIPLUS S7-300 CPU 315F-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIPLUS S7-300 CPU 317-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIPLUS S7-300 CPU 317F-2 PN/DP

Affected All versions < V3.2.19

Vendor Siemens

Product SIPLUS S7-400 CPU 414-3 PN/DP V7

Affected < *

Vendor Siemens

Product SIPLUS S7-400 CPU 416-3 PN/DP V7

Affected < *

CVE-2022-25622

01Description

02Disclosure timeline

03References

04Related CVE