CVE-2022-38773 | Severity.io

Description

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

Related CPE's

simatic_drive_controller_cpu_1504d_tf_firmware

Vulnerable

simatic_drive_controller_cpu_1504d_tf

simatic_drive_controller_cpu_1507d_tf_firmware

Vulnerable

simatic_drive_controller_cpu_1507d_tf

simatic_s7-1500_cpu_1510sp_f-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1510sp_f-1_pn

simatic_s7-1500_cpu_1510sp-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1510sp-1_pn

simatic_s7-1500_cpu_1511-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1511-1_pn

simatic_s7-1500_cpu_1511c-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1511c-1_pn

simatic_s7-1500_cpu_1511f-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1511f-1_pn

simatic_s7-1500_cpu_1511t-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1511t-1_pn

simatic_s7-1500_cpu_1511tf-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1511tf-1_pn

simatic_s7-1500_cpu_1512c-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1512c-1_pn

simatic_s7-1500_cpu_1512sp_f-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1512sp_f-1_pn

simatic_s7-1500_cpu_1512sp-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1512sp-1_pn

simatic_s7-1500_cpu_1513-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1513-1_pn

simatic_s7-1500_cpu_1513f-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1513f-1_pn

simatic_s7-1500_cpu_1513r-1_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1513r-1_pn

simatic_s7-1500_cpu_1515-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1515-2_pn

simatic_s7-1500_cpu_1515f-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1515f-2_pn

simatic_s7-1500_cpu_1515r-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1515r-2_pn

simatic_s7-1500_cpu_1515t-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1515t-2_pn

simatic_s7-1500_cpu_1515tf-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1515tf-2_pn

simatic_s7-1500_cpu_1516-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1516-3_pn\/dp

simatic_s7-1500_cpu_1516f-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1516f-3_pn\/dp

simatic_s7-1500_cpu_1516t-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1516t-3_pn\/dp

simatic_s7-1500_cpu_1516tf-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1516tf-3_pn\/dp

simatic_s7-1500_cpu_1517-3_pn\/dp

simatic_s7-1500_cpu_1517-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1517f-3_pn\/dp

simatic_s7-1500_cpu_1517f-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1517h-3_pn

simatic_s7-1500_cpu_1517h-3_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1517t-3_pn\/dp

simatic_s7-1500_cpu_1517t-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1517tf-3_pn\/dp

simatic_s7-1500_cpu_1517tf-3_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1518-4_pn\/dp

simatic_s7-1500_cpu_1518-4_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1518-4_pn\/dp_mfp

simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware

Vulnerable

simatic_s7-1500_cpu_1518-4f_pn\/dp

simatic_s7-1500_cpu_1518-4f_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware

Vulnerable

simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp

simatic_s7-1500_cpu_1518hf-4_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1518hf-4_pn

simatic_s7-1500_cpu_1518t-4_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1518t-4_pn\/dp

simatic_s7-1500_cpu_1518tf-4_pn\/dp_firmware

Vulnerable

simatic_s7-1500_cpu_1518tf-4_pn\/dp

simatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk_firmware

Vulnerable

simatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk

simatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk_firmware

Vulnerable

simatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk

simatic_s7-1500_cpu_1513pro_f-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1513pro_f-2_pn

simatic_s7-1500_cpu_1513pro-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1513pro-2_pn

simatic_s7-1500_cpu_1516pro_f-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1516pro_f-2_pn

simatic_s7-1500_cpu_1516pro-2_pn_firmware

Vulnerable

simatic_s7-1500_cpu_1516pro-2_pn

siplus_et_200sp_cpu_1510sp_f-1_pn_firmware

Vulnerable

siplus_et_200sp_cpu_1510sp_f-1_pn

siplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmware

Vulnerable

siplus_et_200sp_cpu_1510sp_f-1_pn_rail

siplus_et_200sp_cpu_1510sp-1_pn_firmware

Vulnerable

siplus_et_200sp_cpu_1510sp-1_pn

siplus_et_200sp_cpu_1510sp-1_pn_rail_firmware

Vulnerable

siplus_et_200sp_cpu_1510sp-1_pn_rail

siplus_et_200sp_cpu_1512sp_f-1_pn_firmware

Vulnerable

siplus_et_200sp_cpu_1512sp_f-1_pn

siplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmware

Vulnerable

siplus_et_200sp_cpu_1512sp_f-1_pn_rail

siplus_et_200sp_cpu_1512sp-1_pn_firmware

Vulnerable

siplus_et_200sp_cpu_1512sp-1_pn

siplus_et_200sp_cpu_1512sp-1_pn_rail_firmware

Vulnerable

siplus_et_200sp_cpu_1512sp-1_pn_rail

siplus_s7-1500_cpu_1511-1_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1511-1_pn

siplus_s7-1500_cpu_1511-1_pn_t1_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1511-1_pn_t1_rail

siplus_s7-1500_cpu_1511-1_pn_tx_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1511-1_pn_tx_rail

siplus_s7-1500_cpu_1511f-1_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1511f-1_pn

siplus_s7-1500_cpu_1513-1_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1513-1_pn

siplus_s7-1500_cpu_1513f-1_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1513f-1_pn

siplus_s7-1500_cpu_1515f-2_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1515f-2_pn

siplus_s7-1500_cpu_1515f-2_pn_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1515f-2_pn_rail

siplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1515f-2_pn_t2_rail

siplus_s7-1500_cpu_1515r-2_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1515r-2_pn

siplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1515r-2_pn_tx_rail

siplus_s7-1500_cpu_1516-3_pn\/dp_firmware

Vulnerable

siplus_s7-1500_cpu_1516-3_pn\/dp

siplus_s7-1500_cpu_1516-3_pn\/dp_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1516-3_pn\/dp_rail

siplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail

siplus_s7-1500_cpu_1516f-3_pn\/dp_firmware

Vulnerable

siplus_s7-1500_cpu_1516f-3_pn\/dp

siplus_s7-1500_cpu_1516f-3_pn\/dp_rail_firmware

Vulnerable

siplus_s7-1500_cpu_1516f-3_pn\/dp_rail

siplus_s7-1500_cpu_1517h-3_pn_firmware

Vulnerable

siplus_s7-1500_cpu_1517h-3_pn

siplus_s7-1500_cpu_1518-4_pn\/dp_firmware

Vulnerable

siplus_s7-1500_cpu_1518-4_pn\/dp

siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware

Vulnerable

siplus_s7-1500_cpu_1518-4_pn\/dp_mfp

siplus_s7-1500_cpu_1518f-4_pn\/dp_firmware

Vulnerable

siplus_s7-1500_cpu_1518f-4_pn\/dp

References

https://cert-portal.siemens.com/productcert/html/ssa-482757.html

https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf

Vendor Advisory

Weaknesses

[email protected]

Primary

NVD-CWE-Other

[email protected]

Secondary

CWE-1326

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-10T12:15:23.103

2 years ago

Last modified

2024-06-11T09:15:11.087

11 months ago