CVE-2022-40225

Vulnerability

A vulnerability exists in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) and TIM 1531 IRC (6GK7543-1MX00-0XE0) devices, specifically in all versions prior to V2.4.8. The flaw involves casting an internal value that, under certain conditions, leads to a floating point exception. This affects the core operation of the device, triggering an exception that can disrupt normal functionality [1].

Exploitation

An attacker can exploit this vulnerability without authentication, likely via network access to the affected device. The attacker must trigger the specific condition where internal value casting results in a floating point exception. This does not require special privileges or user interaction, making it remotely exploitable in the network context [1].

Impact

Successful exploitation results in a denial of service (DoS) condition. The device becomes unavailable for its intended communication and control functions, impacting availability of the industrial control system. No data confidentiality or integrity compromise is described [1].

Mitigation

Siemens has released firmware version V2.4.8 to address this vulnerability. Users should update to V2.4.8 or later. As of the publication date (2024-06-11), no workarounds are disclosed. The advisory is available under Siemens’ Security Advisory terms [1].