Vulnerability Details : CVE-2022-38773
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2022-38773
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp_f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511c-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511t-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511tf-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512sp_f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512sp-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513r-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515r-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515t-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515tf-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516t-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516tf-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517h-3_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517t-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517tf-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4f_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518hf-4_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518t-4_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518tf-4_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513pro_f-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513pro-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro_f-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1510sp_f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1510sp-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1510sp-1_pn_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1512sp_f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1512sp-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_et_200sp_cpu_1512sp-1_pn_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1511-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1511-1_pn_t1_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1511-1_pn_tx_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1511f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1513-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1513f-1_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1515f-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1515f-2_pn_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1515r-2_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1516-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1516-3_pn\/dp_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1516f-3_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1516f-3_pn\/dp_rail_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1517h-3_pn_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\/dp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518f-4_pn\/dp_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-38773
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-38773
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST | |
4.6
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
0.9
|
3.6
|
Siemens AG |
CWE ids for CVE-2022-38773
-
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.Assigned by: productcert@siemens.com (Secondary)
References for CVE-2022-38773
Jump to