Lack of Immutable Root of Trust in Siemens Devices
CVE-2022-38773
4.6MEDIUM
Key Information:
- Vendor
- Siemens
- Status
- Vendor
- CVE Published:
- 10 January 2023
Summary
The vulnerability arises from the absence of an Immutable Root of Trust in the hardware of specific Siemens devices. This oversight prevents the validation of code integrity during the device's load-time. An attacker with physical access could exploit this flaw by replacing the boot image, thus executing arbitrary code, compromising device security.
Affected Version(s)
SIMATIC Drive Controller CPU 1504D TF 0
SIMATIC Drive Controller CPU 1507D TF 0
SIMATIC S7-1500 CPU 1510SP F-1 PN 0
References
CVSS V3.1
Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved