CVE-2022-38773

Description

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

Related CPE's

osiemenssimatic_drive_controller_cpu_1504d_tf_firmware-*******

hsiemenssimatic_drive_controller_cpu_1504d_tf-*******

osiemenssimatic_drive_controller_cpu_1507d_tf_firmware-*******

hsiemenssimatic_drive_controller_cpu_1507d_tf-*******

osiemenssimatic_s7-1500_cpu_1510sp_f-1_pn_firmware-*******

hsiemenssimatic_s7-1500_cpu_1510sp_f-1_pn-*******

osiemenssimatic_s7-1500_cpu_1510sp-1_pn_firmware-*******

hsiemenssimatic_s7-1500_cpu_1510sp-1_pn-*******

osiemenssimatic_s7-1500_cpu_1511-1_pn_firmware-*******

hsiemenssimatic_s7-1500_cpu_1511-1_pn-*******

References

https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io