Serious Vulnerability Affects Siemens' SIMATIC PCS neo and STEP 7 Applications
CVE-2022-45147

8.5 HIGH

What is CVE-2022-45147?

A vulnerability exists in Siemens SIMATIC PCS neo and STEP 7 products: the applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input, which can lead to type confusion. This flaw allows an attacker to execute arbitrary code within the affected applications. For more details, refer to the official Siemens CERT portal.

Affected Version(s)

SIMATIC PCS neo V4.0 0

SIMATIC STEP 7 V16 0

SIMATIC STEP 7 V17 0

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
