{"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2023-03-14T09:30:39.103Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges."}],"affected":[{"vendor":"Siemens","product":"SIMATIC CP 1242-7 V2","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1243-1","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1243-7 LTE EU","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1243-7 LTE US","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1243-8 IRC","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1542SP-1 IRC","versions":[{"version":"All versions >= V2.0 < V2.2.28","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1543-1","versions":[{"version":"All versions < V3.0.22","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC CP 1543SP-1","versions":[{"version":"All versions >= V2.0 < V2.2.28","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL","versions":[{"version":"All versions >= V2.0 < V2.2.28","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS ET 200SP CP 1543SP-1 ISEC","versions":[{"version":"All versions >= V2.0 < V2.2.28","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL","versions":[{"version":"All versions >= V2.0 < V2.2.28","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS NET CP 1242-7 V2","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS NET CP 1543-1","versions":[{"version":"All versions < V3.0.22","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS S7-1200 CP 1243-1","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS S7-1200 CP 1243-1 RAIL","versions":[{"version":"All versions < V3.3.46","status":"affected"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C","baseScore":8.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-77","description":"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')","type":"CWE"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:22:10.675Z"},"title":"CVE Program Container","references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-18T15:22:59.563603Z","id":"CVE-2022-34820","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-21T13:51:29.230Z"}}]},"cveMetadata":{"assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","assignerShortName":"siemens","cveId":"CVE-2022-34820","datePublished":"2022-07-12T10:07:29.000Z","dateReserved":"2022-06-29T00:00:00.000Z","dateUpdated":"2025-04-21T13:51:29.230Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}