Cyber Resilience

CVE-2022-38773

Medium

Published: 10 January 2023

Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0015 35.8th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-38773 is a medium-severity Missing Immutable Root of Trust in Hardware (CWE-1326) vulnerability in Siemens SIMATIC Drive Controller CPU 1504D TF firmware. Its CVSS base score is 4.6 (Medium).

Operationally, it ranks at the 35.8th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
siemens | simatic drive controller cpu 1504d tf firmware | all versions
siemens | simatic drive controller cpu 1507d tf firmware | all versions
siemens | simatic s7-1500 cpu 1510sp f-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1510sp-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1511-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1511c-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1511f-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1511t-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1511tf-1 pn firmware | all versions
siemens | simatic s7-1500 cpu 1512c-1 pn firmware | all versions
+60 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
