CVE-2022-38773
Published: 10 January 2023
Summary
CVE-2022-38773 is a medium-severity Missing Immutable Root of Trust in Hardware (CWE-1326) vulnerability in Siemens Simatic Drive Controller Cpu 1504D Tf Firmware. Its CVSS base score is 4.6 (Medium).
Operationally, ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-41336
Vulnerability details
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this…
more
to replace the boot image of the device and execute arbitrary code.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.