PatchSiren cyber security CVE debrief
CVE-2022-40225 Siemens CVE debrief
A floating point exception vulnerability in Siemens TIM 1531 IRC industrial communication modules can be triggered by casting an internal value under specific conditions, resulting in denial of service. The flaw was disclosed in CISA advisory ICSA-24-165-06 on June 11, 2024, with a CVSS 3.1 score of 6.5 (Medium severity). Affected products include SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) and TIM 1531 IRC (6GK7543-1MX00-0XE0). Siemens has released firmware version V2.4.8 to address this issue. The vulnerability requires network access and low privileges to exploit, with no confidentiality or integrity impact but high availability impact.
- Vendor
- Siemens
- Product
- SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2024-07-09
- Advisory published
- 2024-06-11
- Advisory updated
- 2024-07-09
Who should care
Organizations operating Siemens TIM 1531 IRC or SIPLUS TIM 1531 IRC modules in industrial environments, particularly those with remote access enabled or network-exposed OT infrastructure.
Technical summary
The vulnerability exists in the firmware of Siemens TIM 1531 IRC industrial communication modules. An improper casting operation on internal values can trigger a floating point exception, causing the device to crash and resulting in denial of service. The attack vector is network-based with low attack complexity, requiring low privileges but no user interaction. The vulnerability does not impact confidentiality or integrity but has high availability impact.
Defensive priority
medium
Recommended defensive actions
- Apply Siemens firmware update V2.4.8 or later to affected TIM 1531 IRC devices
- Review network segmentation for industrial control systems per CISA ICS recommended practices
- Monitor for anomalous network traffic targeting TIM 1531 IRC modules
- Validate that remote access to affected devices follows least-privilege principles
Evidence notes
CISA CSAF advisory ICSA-24-165-06 published 2024-06-11; Siemens SSA-337522; CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Official resources
-
CVE-2022-40225 CVE record
CVE.org
-
CVE-2022-40225 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-06-11