Multiple vulnerabilities in Siemens SIMATIC MV500 Devices
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-33137 CVE-2022-33138 |
| CWE-ID | CWE-613 CWE-306 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SIMATIC MV540 H Hardware solutions / Firmware SIMATIC MV540 S Hardware solutions / Firmware SIMATIC MV550 H Hardware solutions / Firmware SIMATIC MV550 S Hardware solutions / Firmware SIMATIC MV560 U Hardware solutions / Firmware SIMATIC MV560 X Hardware solutions / Firmware |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Insufficient Session Expiration
EUVDB-ID: #VU65261
Risk: Medium
CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-33137
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. A remote user can hijack other users' sessions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC MV540 H: before 3.3
SIMATIC MV540 S: before 3.3
SIMATIC MV550 H: before 3.3
SIMATIC MV550 S: before 3.3
SIMATIC MV560 U: before 3.3
SIMATIC MV560 X: before 3.3
CPE2.3- cpe:2.3:h:siemens:simatic_mv540_h:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv540_s:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv550_h:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv550_s:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv560_u:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv560_x:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdficsa-22-195-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authentication for Critical Function
EUVDB-ID: #VU65263
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-33138
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication for several web API endpoints. A remote attacker can read and download data from the device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC MV540 H: before 3.3
SIMATIC MV540 S: before 3.3
SIMATIC MV550 H: before 3.3
SIMATIC MV550 S: before 3.3
SIMATIC MV560 U: before 3.3
SIMATIC MV560 X: before 3.3
CPE2.3- cpe:2.3:h:siemens:simatic_mv540_h:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv540_s:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv550_h:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv550_s:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv560_u:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_mv560_x:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdficsa-22-195-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
