1. Home
  2. CVE Database
  3. CVE-2022-38773
MEDIUM · 4.6

CVE-2022-38773

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical acce...

Vulnerability Description

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
SiemensSimatic Drive Controller Cpu 1504D Tf Firmware-
SiemensSimatic Drive Controller Cpu 1504D Tf-
SiemensSimatic Drive Controller Cpu 1507D Tf Firmware-
SiemensSimatic Drive Controller Cpu 1507D Tf-
SiemensSimatic S7-1500 Cpu 1510Sp F-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1510Sp F-1 Pn-
SiemensSimatic S7-1500 Cpu 1510Sp-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1510Sp-1 Pn-
SiemensSimatic S7-1500 Cpu 1511-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1511-1 Pn-
SiemensSimatic S7-1500 Cpu 1511C-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1511C-1 Pn-
SiemensSimatic S7-1500 Cpu 1511F-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1511F-1 Pn-
SiemensSimatic S7-1500 Cpu 1511T-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1511T-1 Pn-
SiemensSimatic S7-1500 Cpu 1511Tf-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1511Tf-1 Pn-
SiemensSimatic S7-1500 Cpu 1512C-1 Pn Firmware-
SiemensSimatic S7-1500 Cpu 1512C-1 Pn-

Related Weaknesses (CWE)

CWE-1326

References

FAQ

What is CVE-2022-38773?

CVE-2022-38773 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical acce...

How severe is CVE-2022-38773?

CVE-2022-38773 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38773?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Drive Controller Cpu 1504D Tf Firmware, Siemens Simatic Drive Controller Cpu 1504D Tf, Siemens Simatic Drive Controller Cpu 1507D Tf Firmware, Siemens Simatic Drive Controller Cpu 1507D Tf, Siemens Simatic S7-1500 Cpu 1510Sp F-1 Pn Firmware.