Insufficiently protected credentials in Siemens SIMATIC S7-1200 and S7-1500 CPU Families
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-38465 |
| CWE-ID | CWE-522 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
SIMATIC ET 200SP Open Controller CPU 1515SP PC Hardware solutions / Other hardware appliances SIMATIC Drive Controller Hardware solutions / Firmware SIMATIC S7-1200 CPU family Hardware solutions / Firmware SIMATIC S7-1500 CPU Hardware solutions / Firmware SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Server applications / SCADA systems SIMATIC S7-1500 Software Controller Server applications / SCADA systems SIMATIC S7-PLCSIM Advanced Server applications / SCADA systems |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Insufficiently protected credentials
EUVDB-ID: #VU68263
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-38465
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to insufficiently protected credentials. A local attacker can discover the private key of a CPU product family and extract confidential configuration data from projects that are protected by that key or perform attacks against legacy PG/PC and HMI communication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSIMATIC ET 200SP Open Controller CPU 1515SP PC: All versions
SIMATIC Drive Controller: before 2.9.2
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: before 21.9
SIMATIC S7-1200 CPU family: before 4.5.0
SIMATIC S7-1500 CPU: before 2.9.2
SIMATIC S7-1500 Software Controller: before 21.9
SIMATIC S7-PLCSIM Advanced: before 4.0
CPE2.3- cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_drive_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1200_cpu_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
