PatchSiren cyber security CVE debrief
CVE-2022-44792 Siemens CVE debrief
A NULL pointer dereference vulnerability exists in the Net-SNMP library's handle_ipDefaultTTL function within agent/mibgroup/ip-mib/ip_scalars.c, affecting versions 5.8 through 5.9.3. This vulnerability has been identified in Siemens SIMATIC and SIPLUS industrial communication processors. A remote attacker with SNMP write access can trigger a denial-of-service condition by sending a crafted UDP packet, causing the SNMP agent instance to crash. The vulnerability was published on June 11, 2024, and affects six Siemens product variants including SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and their SIPLUS ET 200SP ruggedized counterparts. Siemens has released firmware version V2.3 or later to address this issue.
- Vendor: Siemens
- Product: SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-11
- Original CVE updated: 2024-06-11
- Advisory published: 2024-06-11
- Advisory updated: 2024-06-11
Who should care
Industrial control system operators, OT security teams, and network administrators managing Siemens SIMATIC or SIPLUS communication processors in manufacturing, process control, or critical infrastructure environments. Organizations with SNMP-enabled device management in segmented OT networks should prioritize patching to prevent service disruption from authenticated attackers.
Technical summary
The handle_ipDefaultTTL function in Net-SNMP's ip_scalars.c does not properly validate a pointer before dereferencing it, which results in a NULL pointer dereference when the agent processes a malformed SNMP packet. The SNMP agent process then terminates unexpectedly. The attacker must hold SNMP write credentials, which limits exposure to authenticated threat actors. Affected Siemens products embed vulnerable Net-SNMP versions in the firmware of industrial Ethernet communication modules used in automation environments.
Defensive priority
medium
Recommended defensive actions
- Apply Siemens firmware update V2.3 or later to affected SIMATIC CP and SIPLUS ET 200SP communication processors
- Restrict SNMP write access to authorized administrative hosts only
- Monitor SNMP agent logs for unexpected crashes or restart events
- Implement network segmentation to limit SNMP access to industrial control networks
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
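An inventory triage for the first two actions above, as an added example that is not part of the original debrief or of any Siemens tooling. It assumes a hypothetical asset inventory with host, product, firmware and snmp_write fields; all sample rows are constructed.

```python
import re

# Model tokens come from the product names in this debrief. Matching the IRC
# and SIPLUS variants by the same tokens is an assumption about their naming.
AFFECTED_MODEL_TOKENS = ("CP 1542SP-1", "CP 1543SP-1")
FIXED_FIRMWARE = (2, 3)  # "V2.3 or later" per the debrief

def parse_firmware(text):
    """Turn 'V2.2.28' into (2, 2, 28); return None when it cannot be parsed."""
    m = re.fullmatch(r"\s*[Vv]?\s*(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected_model(product):
    normalized = " ".join(product.upper().split())
    return any(token in normalized for token in AFFECTED_MODEL_TOKENS)

def triage(inventory):
    """Return (host, status, snmp_write) for in-scope devices, worst first."""
    findings = []
    for row in inventory:
        if not is_affected_model(row["product"]):
            continue
        fw = parse_firmware(row.get("firmware"))
        if fw is None:
            status = "UNKNOWN_FIRMWARE"  # cannot prove it is fixed: verify by hand
        elif fw < FIXED_FIRMWARE:
            status = "NEEDS_UPDATE"
        else:
            status = "FIXED"
        findings.append((row["host"], status, bool(row.get("snmp_write"))))
    rank = {"NEEDS_UPDATE": 0, "UNKNOWN_FIRMWARE": 1, "FIXED": 2}
    # Unfixed devices first; within a status, SNMP-write-enabled ones first.
    return sorted(findings, key=lambda f: (rank[f[1]], not f[2], f[0]))

# Constructed sample inventory (hostnames and firmware strings are invented).
SAMPLE_INVENTORY = [
    {"host": "cp-line1", "product": "SIMATIC CP 1542SP-1", "firmware": "V2.2.28", "snmp_write": False},
    {"host": "cp-line2", "product": "SIMATIC CP 1543SP-1", "firmware": "V2.3", "snmp_write": True},
    {"host": "cp-line3", "product": "SIMATIC CP 1542SP-1 IRC", "firmware": "V2.1", "snmp_write": True},
    {"host": "cp-line4", "product": "SIPLUS ET 200SP CP 1543SP-1", "firmware": "", "snmp_write": False},
    {"host": "sw-core", "product": "Managed switch (out of scope)", "firmware": "V1.0", "snmp_write": True},
]

if __name__ == "__main__":
    for host, status, snmp_write in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {status:17} snmp_write={snmp_write}")
```

Devices that report NEEDS_UPDATE with SNMP write enabled sort to the top, since the debrief states that exploitation requires SNMP write access.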
Evidence notes
Vulnerability affects Net-SNMP 5.8 through 5.9.3 embedded in Siemens industrial communication processors. Requires remote attacker to have SNMP write access. CISA published advisory ICSA-24-165-10 on June 11, 2024.
Official resources
- CVE-2022-44792 CVE record (CVE.org)
- CVE-2022-44792 NVD detail (NVD)
- Source item URL (cisa_csaf)