Siemens SIMATIC S7-1200, S7-1500 CPUs and related products information disclosure | CVE-2022-38465
NAME
Siemens SIMATIC S7-1200, S7-1500 CPUs and related products information disclosure
- Platforms Affected:
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC
Siemens SIMATIC Drive Controller 2.9.1
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 21.8
Siemens SIMATIC S7-1200 CPU 4.4
Siemens SIMATIC S7-1500 CPU 2.9.1
Siemens SIMATIC S7-1500 Software Controller 21.8
Siemens SIMATIC S7-PLCSIM Advanced 3
- Risk Level: 9.3
- Exploitability: Unproven
- Consequences: Obtain Information
DESCRIPTION
Siemens SIMATIC S7-1200, S7-1500 CPUs and related products could allow a local attacker to obtain sensitive information because the built-in global private key is insufficiently protected. By conducting an offline attack against a single CPU of the family, an attacker could exploit this vulnerability to obtain the private key of a CPU product family.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Siemens Security Advisory SSA-568427 for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf
- Reference Link: https://www.cisa.gov/uscert/ics/advisories/icsa-22-286-04