Serious Vulnerability Affects Siemens' SIMATIC PCS NEO and STEP 7 Applications
CVE-2022-45147
8.5 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 9 July 2024
What is CVE-2022-45147?
A vulnerability exists in Siemens SIMATIC PCS neo and STEP 7 products, where improper restrictions on the .NET BinaryFormatter during deserialization of user-controllable input could lead to type confusion. This flaw allows an attacker to execute arbitrary code within the affected applications. For more details, refer to the official Siemens CERT portal.
Affected Version(s)
SIMATIC PCS neo V4.0 0
SIMATIC STEP 7 V16 0
SIMATIC STEP 7 V17 0
CVSS V4
- Score: 8.5
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved