Serious Vulnerability Affects Siemens' SIMATIC PCS NEO and STEP 7 Applications
CVE-2022-45147
7.8 HIGH
Key Information:
- Vendor: Siemens
- Vendor
- CVE Published: 9 July 2024
Summary
A vulnerability exists in Siemens SIMATIC PCS neo and STEP 7 products, where improper restrictions on the .NET BinaryFormatter during deserialization of user-controllable input could lead to type confusion. This flaw allows an attacker to execute arbitrary code within the affected applications. For more details, refer to the official Siemens CERT portal.
Affected Version(s)
SIMATIC PCS neo V4.0 0
SIMATIC STEP 7 V16 0
SIMATIC STEP 7 V17 0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved