CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.
Configurations

Configuration 1

AND
cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_drive_controller_cpu_1504d_tf:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_drive_controller_cpu_1507d_tf:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1211c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1211c:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1212c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1212c:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1212fc:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1214fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1214fc:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1214c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1214c:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1215fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1215fc:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1215c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1215c:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1217c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1200_cpu_12_1217c:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp-1:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1510sp:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_151511c-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_151511c-1:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_151511f-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_151511f-1:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511t-1:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511tf-1:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512c-1:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512sp-1:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1512spf-1:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513r-1:-:*:*:*:*:*:*:*

Configuration 26

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_15prof-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_15prof-2:-:*:*:*:*:*:*:*

Configuration 27

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_15pro-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_15pro-2:-:*:*:*:*:*:*:*

Configuration 28

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2:-:*:*:*:*:*:*:*

Configuration 29

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2:-:*:*:*:*:*:*:*

Configuration 30

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515r-2:-:*:*:*:*:*:*:*

Configuration 31

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515t-2:-:*:*:*:*:*:*:*

Configuration 32

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516pro_f:-:*:*:*:*:*:*:*

Configuration 33

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3:-:*:*:*:*:*:*:*

Configuration 34

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3:-:*:*:*:*:*:*:*

Configuration 35

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516t-3:-:*:*:*:*:*:*:*

Configuration 36

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516tf-3:-:*:*:*:*:*:*:*

Configuration 37

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3:-:*:*:*:*:*:*:*

Configuration 38

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3:-:*:*:*:*:*:*:*

Configuration 39

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4:-:*:*:*:*:*:*:*

Configuration 40

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4:-:*:*:*:*:*:*:*

Configuration 41

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518hf-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518hf-4:-:*:*:*:*:*:*:*

Configuration 42

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518t-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518t-4:-:*:*:*:*:*:*:*

Configuration 43

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518tf-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518tf-4:-:*:*:*:*:*:*:*

Configuration 44

cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*

Configuration 45

AND
cpe:2.3:o:siemens:simatic_s7-plcsim_advanced_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-plcsim_advanced:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:16

Type: References
Values Removed: https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf - Vendor Advisory
Values Added: https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf - Vendor Advisory

Type: References
Values Removed: https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf
Values Added: https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf

Type: CVSS
Values Removed: v2 : unknown, v3 : 7.8
Values Added: v2 : unknown, v3 : 9.3

07 Nov 2023, 03:50

Type: Summary
Values Removed: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.
Values Added: A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.

Information

Published : 2022-10-11 11:15

Updated : 2024-11-21 07:16


NVD link : CVE-2022-38465

Mitre link : CVE-2022-38465

CVE.ORG link : CVE-2022-38465



Products Affected

siemens

  • simatic_s7-1500_cpu_1518-4
  • simatic_s7-1500_cpu_1518hf-4_firmware
  • simatic_s7-1200_cpu_12_1214c_firmware
  • simatic_s7-1500_cpu_1518t-4_firmware
  • simatic_s7-1200_cpu_12_1217c_firmware
  • simatic_s7-1500_cpu_1513r-1
  • simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware
  • simatic_s7-1200_cpu_12_1211c
  • simatic_s7-1500_cpu_1518f-4
  • simatic_s7-plcsim_advanced
  • simatic_s7-1500_cpu_1515r-2_firmware
  • simatic_s7-1500_cpu_1513-1_firmware
  • simatic_s7-1200_cpu_12_1215fc
  • simatic_s7-1500_cpu_1515-2
  • simatic_s7-1500_cpu_1510sp_firmware
  • simatic_s7-1500_cpu_1512spf-1_firmware
  • simatic_s7-1500_cpu_1516-3
  • simatic_s7-1500_cpu_1517-3
  • simatic_s7-1200_cpu_12_1214fc
  • simatic_s7-1500_cpu_1515t-2_firmware
  • simatic_s7-1500_cpu_1513r-1_firmware
  • simatic_s7-1500_cpu_15pro-2_firmware
  • simatic_s7-1200_cpu_12_1215fc_firmware
  • simatic_s7-1500_cpu_1512sp-1
  • simatic_s7-plcsim_advanced_firmware
  • simatic_s7-1500_cpu_15prof-2
  • simatic_drive_controller_cpu_1507d_tf
  • simatic_s7-1500_cpu_1518f-4_firmware
  • simatic_s7-1500_cpu_1517f-3
  • simatic_s7-1500_cpu_1510sp-1_firmware
  • simatic_s7-1500_cpu_1518hf-4
  • simatic_s7-1500_cpu_1511t-1_firmware
  • simatic_s7-1500_cpu_1518t-4
  • simatic_s7-1500_cpu_151511c-1
  • simatic_s7-1200_cpu_12_1212c_firmware
  • simatic_s7-1500_cpu_1511tf-1
  • simatic_s7-1500_cpu_151511f-1
  • simatic_s7-1500_cpu_1513f-1_firmware
  • simatic_s7-1500_cpu_1515f-2
  • simatic_s7-1200_cpu_12_1212fc_firmware
  • simatic_s7-1500_cpu_1516pro_f
  • simatic_s7-1200_cpu_12_1215c_firmware
  • simatic_s7-1500_cpu_1516pro_f_firmware
  • simatic_s7-1500_cpu_1516tf-3_firmware
  • simatic_s7-1500_cpu_1516-3_firmware
  • simatic_s7-1500_cpu_1512sp-1_firmware
  • simatic_s7-1200_cpu_12_1211c_firmware
  • simatic_s7-1500_cpu_1511-1_firmware
  • simatic_s7-1200_cpu_12_1215c
  • simatic_s7-1500_cpu_1515-2_firmware
  • simatic_s7-1500_cpu_1516t-3
  • simatic_s7-1500_cpu_1515r-2
  • simatic_s7-1200_cpu_12_1214c
  • simatic_s7-1500_cpu_1510sp
  • simatic_s7-1500_cpu_1513f-1
  • simatic_s7-1500_cpu_1516t-3_firmware
  • simatic_s7-1200_cpu_12_1212fc
  • simatic_s7-1500_cpu_15pro-2
  • simatic_s7-1500_cpu_1518-4_firmware
  • simatic_s7-1200_cpu_12_1217c
  • simatic_drive_controller_cpu_1507d_tf_firmware
  • simatic_s7-1500_cpu_1512c-1_firmware
  • simatic_s7-1500_cpu_1512spf-1
  • simatic_drive_controller_cpu_1504d_tf
  • simatic_s7-1500_cpu_1518tf-4_firmware
  • simatic_s7-1500_cpu_1518tf-4
  • simatic_s7-1500_cpu_1516f-3_firmware
  • simatic_s7-1500_cpu_1512c-1
  • simatic_drive_controller_cpu_1504d_tf_firmware
  • simatic_s7-1500_cpu_1515t-2
  • simatic_s7-1500_cpu_151511f-1_firmware
  • simatic_s7-1500_cpu_1513-1
  • simatic_s7-1500_cpu_1517-3_firmware
  • simatic_s7-1500_cpu_1511tf-1_firmware
  • simatic_s7-1500_cpu_1511t-1
  • simatic_s7-1500_cpu_1510sp-1
  • simatic_s7-1500_cpu_1515f-2_firmware
  • simatic_s7-1500_cpu_1511-1
  • simatic_s7-1500_cpu_1516f-3
  • simatic_s7-1500_cpu_151511c-1_firmware
  • simatic_s7-1200_cpu_12_1212c
  • simatic_s7-1200_cpu_12_1214fc_firmware
  • simatic_s7-1500_cpu_1516tf-3
  • simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware
  • simatic_s7-1500_software_controller
  • simatic_s7-1500_cpu_1517f-3_firmware
  • simatic_s7-1500_cpu_15prof-2_firmware
  • simatic_et_200_open_controller_cpu_1515sp_pc
  • simatic_et_200_open_controller_cpu_1515sp_pc2
CWE

CWE-522: Insufficiently Protected Credentials