SSA-712929 — Vulnetix

SSA-712929 PUBLISHED CVSS 7.5 HIGH

The BN_mod_sqrt() function in openSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Siemens	SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3)
Siemens	SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)
Siemens	SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0)
Siemens	SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0)
Siemens	SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)
Siemens	SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0)
Siemens	SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0)
Siemens	SIPLUS S7-1200 CPU 1212C AC/DC/RLY (6AG1212-1BE40-2XB0)
Siemens	SCALANCE XC224-4C G EEC (6GK5224-4GS00-2FC2)
Siemens	SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0)
Siemens	SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)
Siemens	SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)
Siemens	SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)
Siemens	SIMATIC NET PC Software V17
Siemens	SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0)
Siemens	SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0)
Siemens	SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0)
Siemens	SCALANCE XF204-2 (6GK5204-2BC00-2AF2)
Siemens	SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0)
Siemens	RUGGEDCOM ROX RX1501

…and 565 more

Exploit Intelligence

jeongjunsoo/CVE-2022-0778 (github-poc-repo)
jeongjunsoo/CVE-2022-0778 (github-poc)
Trinadh465/openssl-1.1.1g_CVE-2022-0778 (github-poc)
Proof of concept for CVE-2022-0778 in P12 and PEM format (github-poc)
jkakavas/CVE-2022-0778-POC (github-poc)
yywing/cve-2022-0778 (github-poc)
Proof of concept for CVE-2022-0778, which triggers an infinite loop in parsing X.509 certificates due to a bug in BN_mod_sqrt (github-poc)
Rapport_149185019.html (github-poc)
TestCommand.yaml (github-poc)
macos_v2_generated.go (github-poc)

…and 2 more exploits

Timeline

Jun 14, 2022 CVE Published
Apr 14, 2026 CVE Updated

References

…and 29 more

Open in Interactive Console →