VDE-2022-005
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-03-30 07:30 - Updated: 2025-05-22 13:03
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is widely used in a lot of products worldwide. A remote, anonymous attacker could use an integer overflow to execute arbitrary program code when loading specially crafted XML files.\nThe Profinet SDK uses the XML parser library Expat as a reference solution for loading the XML-based Profinet network configuration files (IPPNIO or TIC).",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of a device using the PROFINET Controller Stack might be compromised by attacks exploiting these vulnerabilities. If specially crafted Profinet network configuration files (IPPNIO or TIC) are loaded during Profinet startup, an integer overflow leads to a buffer overflow which enables the attacker to elevate privileges and obtain access to the device. The attacker may take over the system, steal data or prevent a system or application from running correctly. The PROFINET Device Stack provides an optional configuration possibility via the above-mentioned files and might be vulnerable when this dedicated use case is supported.",
"title": "Impact"
},
{
"category": "description",
"text": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2022-005: PHOENIX CONTACT: Vulnerabilities in XML parser library Expat (libexpat) - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-005"
},
{
"category": "self",
"summary": "VDE-2022-005: PHOENIX CONTACT: Vulnerabilities in XML parser library Expat (libexpat) - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-005.json"
}
],
"title": "PHOENIX CONTACT: Vulnerabilities in XML parser library Expat (libexpat)",
"tracking": {
"aliases": [
"VDE-2022-005"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-04-09T08:03:30.750Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.22"
}
},
"id": "VDE-2022-005",
"initial_release_date": "2022-03-30T07:30:00.000Z",
"revision_history": [
{
"date": "2022-03-30T07:30:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "6.0\u003c6.6",
"product": {
"name": "PROFINET SDK 6.0\u003c6.6",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"1175941"
]
}
}
},
{
"category": "product_version",
"name": "6.6",
"product": {
"name": "PROFINET SDK 6.6",
"product_id": "CSAFPID-52001",
"product_identification_helper": {
"model_numbers": [
"1175941"
]
}
}
}
],
"category": "product_name",
"name": "PROFINET SDK"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "description",
"text": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-25235"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-22827"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-23852"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-23990"
},
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-45960"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-46143"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-22822"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-22823"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-22824"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-22825"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-22826"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-25315"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-25314"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "The PROFINET SDK includes an Engineering tool as a reference solution to generate Profinet configuration IPPNIO or TIC XML files. This configuration is transferred to a device running the Profinet stack and loaded during startup of the Profinet stack.\nWhen the IPPNIO or TIC files are transferred via an untrusted environment (e.g. network or e-mail, \u2026), an attacker knowing the vulnerabilities mentioned above might manipulate the files in a specific way to gain access to the device.\nTo mitigate these vulnerabilities, the integrity and authenticity of the configuration data must be ensured by transferring the data only via trusted connections.\nAdvice on how to ensure trusted connections can be found in the following document: Measures to protect network-capable devices with Ethernet connection.\nCompanies which are using their own configuration system instead of the reference solution are not affected as long as they don\u0027t utilize the related libexpat library.\nWe kindly advise you to check whether the libexpat library is used in your specific configuration tool chain and, if so, whether its version number is 2.4.6 or higher.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Use only trusted connections between the Engineering tools and the devices executing the Profinet stack.\nUpdate configuration tool chains to libexpat library version 2.4.6 or higher.\nUpgrade to PROFINET SDK 6.6 or higher if necessary.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-25313"
}
]
}