CVE-2022-38773
MEDIUMCVSS 6.8/10EPSS 0.29%
Last modified
CVE-2022-38773 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Drive Controller Cpu 1504d Tf Firmware | All versions |
| Siemens | Simatic Drive Controller Cpu 1507d Tf Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1510sp F-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1510sp-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1511-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1511c-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1511f-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1511t-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1511tf-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1512c-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1512sp F-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1512sp-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1513-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1513f-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1513r-1 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1515-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1515f-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1515r-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1515t-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1515tf-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1516-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1516f-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1516t-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1516tf-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1517-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1517f-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1517h-3 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1517t-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1517tf-3 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518-4 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518-4 Pn\/Dp Mfp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518-4f Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518f-4 Pn\/Dp Mfp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518hf-4 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518t-4 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1518tf-4 Pn\/Dp Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu S7-1518-4 Pn\/Dp Odk Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu S7-1518f-4 Pn\/Dp Odk Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1513pro F-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1513pro-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1516pro F-2 Pn Firmware | All versions |
| Siemens | Simatic S7-1500 Cpu 1516pro-2 Pn Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1510sp F-1 Pn Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1510sp F-1 Pn Rail Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1510sp-1 Pn Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1510sp-1 Pn Rail Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1512sp F-1 Pn Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1512sp F-1 Pn Rail Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1512sp-1 Pn Firmware | All versions |
| Siemens | Siplus Et 200sp Cpu 1512sp-1 Pn Rail Firmware | All versions |
Showing 50 of 70 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-38773?
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.
How severe is CVE-2022-38773?
CVE-2022-38773 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.
How do I fix CVE-2022-38773?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-38773?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST