Lucene search

K
cve[email protected]CVE-2022-46141
HistoryDec 12, 2023 - 12:15 p.m.

CVE-2022-46141

2023-12-1212:15:10
CWE-316
CWE-312
web.nvd.nist.gov
12
cve-2022-46141
simatic step 7
tia portal
information disclosure
vulnerability
access level password
local attacker
nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

Affected configurations

NVD
Node
siemenssimatic_step_7Range<19

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC STEP 7 (TIA Portal)",
    "versions": [
      {
        "version": "All versions < V19",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2022-46141