CVE-2022-43723

CVSS 7.5 HIGH · EPSS 0.9% · CWE-1287 · CWE-20

In short

SICAM PAS/PQS software fails to properly validate input in a network parameter, allowing remote attackers to crash the application and disrupt service without needing credentials.

Technical detail

The s7ontcp.dll component lacks proper input validation for a specific parameter, enabling unauthenticated remote attackers to craft malicious messages that trigger unhandled exceptions and denial of service. The vulnerability affects versions prior to 7.0 and 7.0 through 8.05, with no authentication required for exploitation.

Summary generated and translated by AI from the official description.
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Siemens · SICAM PAS/PQS
