{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "SiPass integrated versions before V2.95.3.18 contain an out of bounds read vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition.\n\nSiemens has released a new version for SiPass integrated and recommends to update to the latest version.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-041082: Out of Bounds Read Vulnerability in SiPass Integrated Before V2.95.3.18 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-041082.html"
      },
      {
        "category": "self",
        "summary": "SSA-041082: Out of Bounds Read Vulnerability in SiPass Integrated Before V2.95.3.18 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-041082.json"
      }
    ],
    "title": "SSA-041082: Out of Bounds Read Vulnerability in SiPass Integrated Before V2.95.3.18",
    "tracking": {
      "current_release_date": "2025-05-23T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-041082",
      "initial_release_date": "2025-05-23T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-05-23T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "interim",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/<V2.95.3.18",
                "product": {
                  "name": "SiPass integrated",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "SiPass integrated"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31812",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.95.3.18 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827049/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-31812"
    }
  ]
}