Details of VAR-202210-0428

ID

VAR-202210-0428

CVE

CVE-2022-38465

TITLE

Insufficient Credential Protection Vulnerability in Multiple Siemens Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018714

DESCRIPTION

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-38465 // JVNDB: JVNDB-2022-018714

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1200 cpu 12 1214c	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511t-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1513-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 151511c-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518-4	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1217c	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518tf-4	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1214fc	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512sp-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 15pro-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516pro f	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512spf-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1510sp-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515r-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516t-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515f-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1513f-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518hf-4	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1517f-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1215fc	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1513r-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 15prof-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic drive controller cpu 1504d tf	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1512c-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1211c	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1511tf-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 software controller	scope:	lt	version:	21.9	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1215c	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1510sp	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1212c	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic et 200 sp open controller cpu 1515sp pc	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic s7-plcsim advanced	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1515t-2	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic et 200 sp open controller cpu 1515sp pc2	scope:	lt	version:	21.9	Trust: 1.0
vendor:	siemens	model:	simatic drive controller cpu 1507d tf	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 151511f-1	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518f-4	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 12 1212fc	scope:	lt	version:	4.5.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516f-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1516tf-3	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu 1518t-4	scope:	lt	version:	2.9.2	Trust: 1.0
vendor:	シーメンス	model:	simatic et 200 sp open controller cpu 1515sp pc2	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic et 200 sp open controller cpu 1515sp pc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1215c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 151511f-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1215fc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1212fc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1217c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1214c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic drive controller cpu 1504d tf	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1214fc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 151511c-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1212c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1200 cpu 12 1211c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1512c-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1510sp	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511t-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic drive controller cpu 1507d tf	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511tf-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1510sp-1	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic s7-1500 cpu 1511-1	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018714 // NVD: CVE-2022-38465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-38465
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2022-38465
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-38465
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-402
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-38465
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2022-38465
baseSeverity:	CRITICAL
baseScore:	9.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-38465
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018714 // CNNVD: CNNVD-202210-402 // NVD: CVE-2022-38465 // NVD: CVE-2022-38465

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018714 // NVD: CVE-2022-38465

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-402

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-402

PATCH

title:

Multiple Siemens Product security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210800

Trust: 0.6

sources: CNNVD: CNNVD-202210-402

EXTERNAL IDS

db:	NVD	id:	CVE-2022-38465	Trust: 3.2
db:	SIEMENS	id:	SSA-568427	Trust: 2.4
db:	SIEMENS	id:	SSA-568428	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-286-04	Trust: 1.4
db:	ICS CERT	id:	ICSA-22-314-04	Trust: 0.8
db:	JVN	id:	JVNVU93762879	Trust: 0.8
db:	JVN	id:	JVNVU92214181	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-018714	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5096	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-402	Trust: 0.6

sources: JVNDB: JVNDB-2022-018714 // CNNVD: CNNVD-202210-402 // NVD: CVE-2022-38465

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf	Trust: 2.4
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu92214181/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93762879/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-38465	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-04	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-04	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.5096	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-286-04	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-weak-encryption-via-weak-key-protection-39511	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-38465/	Trust: 0.6

sources: JVNDB: JVNDB-2022-018714 // CNNVD: CNNVD-202210-402 // NVD: CVE-2022-38465

CREDITS

Tal Keren from Claroty reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-402

SOURCES

db:	JVNDB	id:	JVNDB-2022-018714
db:	CNNVD	id:	CNNVD-202210-402
db:	NVD	id:	CVE-2022-38465

LAST UPDATE DATE

2024-08-14T12:45:48.801000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-018714	date:	2023-10-23T02:36:00
db:	CNNVD	id:	CNNVD-202210-402	date:	2023-02-15T00:00:00
db:	NVD	id:	CVE-2022-38465	date:	2023-11-07T03:50:08.877

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-018714	date:	2023-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202210-402	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2022-38465	date:	2022-10-11T11:15:10.357