CRITICAL🇬🇧 English

CVE-2022-38465

CVSS 9.3v3.1pub. 2022-10-11upd. 2024-11-21

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Siemens Simatic Drive Controller Cpu 1504d Tf

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Drive Controller Cpu 1504d Tf Firmware

    OS
    Siemens
    < 2.9.2
  • Siemens Simatic Drive Controller Cpu 1507d Tf

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Drive Controller Cpu 1507d Tf Firmware

    OS
    Siemens
    < 2.9.2
  • Siemens Simatic Et 200 Open Controller Cpu 1515sp Pc

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Et 200 Open Controller Cpu 1515sp Pc2

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware

    OS
    Siemens
    < 21.9
  • Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware

    OS
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1211c

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1211c Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1212c

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1212c Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1212fc

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1212fc Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1214c

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1214c Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1214fc

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1214fc Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1215c

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1215c Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1215fc

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1215fc Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1200 Cpu 12 1217c

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1200 Cpu 12 1217c Firmware

    OS
    Siemens
    < 4.5.0
  • Siemens Simatic S7 1500 Cpu 1510sp

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1500 Cpu 1510sp 1

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1500 Cpu 1510sp 1 Firmware

    OS
    Siemens
    < 2.9.2
  • Siemens Simatic S7 1500 Cpu 1510sp Firmware

    OS
    Siemens
    < 2.9.2
  • Siemens Simatic S7 1500 Cpu 1511 1

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic S7 1500 Cpu 1511 1 Firmware

    OS
    Siemens
    < 2.9.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-15782CRITICAL9.8ten sam produkt

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200...

CVE-2023-46156HIGH7.5ten sam produkt

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attack...

CVE-2023-28831HIGH8.7ten sam produkt

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability tha...

CVE-2021-40365HIGH7.5ten sam produkt

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could all...

CVE-2021-42029HIGH7.8ten sam produkt

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Por...