Lack of Immutable Root of Trust in Siemens Devices
CVE-2022-38773

4.6MEDIUM

Summary

The vulnerability arises from the absence of an Immutable Root of Trust in the hardware of specific Siemens devices. This oversight prevents the validation of code integrity during the device's load-time. An attacker with physical access could exploit this flaw by replacing the boot image, thus executing arbitrary code, compromising device security.

Affected Version(s)

SIMATIC Drive Controller CPU 1504D TF 0

SIMATIC Drive Controller CPU 1507D TF 0

SIMATIC S7-1500 CPU 1510SP F-1 PN 0

References

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.