CVE-2022-38773 — Missing Immutable Root of Trust in Hardware in Siemens Simatic Drive Controller CPU 1504d TF

CWE-1326 — Missing Immutable Root of Trust in Hardware3 documents3 sources

Severity

6.8MEDIUMNVD

CNA4.6

EPSS

0.2%

top 63.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Drive Controller CPU 1504d TF Siemens Simatic Drive Controller CPU 1507d TF Siemens Simatic S7-1500 CPU 1510sp-1 PN +68 more

Timeline

PublishedJan 10

Description

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages71 packages

▶CVEListV5siemens/siplus_s7-1500_cpu_1511-1_pn< *

▶CVEListV5siemens/siplus_s7-1500_cpu_1513-1_pn< *

▶CVEListV5siemens/simatic_s7-1500_cpu_1511-1_pn< *

▶CVEListV5siemens/simatic_s7-1500_cpu_1513-1_pn< *

▶CVEListV5siemens/simatic_s7-1500_cpu_1515-2_pn< *

🔴Vulnerability Details

GHSA

GHSA-4qpv-c2wc-cr4r: Affected devices do not contain an Immutable Root of Trust in Hardware↗2023-01-10

▶

CVEList

CVE-2022-38773: Affected devices do not contain an Immutable Root of Trust in Hardware↗2023-01-10

▶