CVE-2022-38465

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 62.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Drive Controller CPU 1504d TF Firmware Siemens Simatic Drive Controller CPU 1507d TF Firmware Siemens Simatic ET 200 SP Open Controller CPU 1515sp PC2 Firmware +49 more

Timeline

PublishedOct 11

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versi…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.5 | Impact: 6.0

Affected Packages53 packages

▶CVEListV5siemens/simatic_et_200sp_open_controller_cpu_1515sp_pc_(incl._siplus_variants)All versions

▶CVEListV5siemens/simatic_et_200sp_open_controller_cpu_1515sp_pc2_(incl._siplus_variants)All versions < V21.9

▶CVEListV5siemens/simatic_s7-1500_cpu_family_(incl._related_et200_cpus_and_siplus_variants)All versions < V2.9.2

▶CVEListV5siemens/simatic_s7-1200_cpu_family_(incl._siplus_variants)All versions < V4.5.0

▶NVDsiemens/simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware< 21.9

🔴Vulnerability Details

CVEList

CVE-2022-38465: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2↗2022-10-11

▶

GHSA

GHSA-45px-m6q7-hv4p: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2↗2022-10-11

▶