CVE-2022-46141

2023-12-1212:15:10

CWE-316

CWE-312

[email protected]

web.nvd.nist.gov

cve-2022-46141

simatic step 7

tia portal

information disclosure

vulnerability

access level password

local attacker

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

Affected configurations

NVD

Node

siemenssimatic_step_7Range<19

CPENameOperatorVersion
siemens:simatic_step_7siemens simatic step 7lt19

CPE	Name	Operator	Version
siemens:simatic_step_7	siemens simatic step 7	lt	19

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC STEP 7 (TIA Portal)",
    "versions": [
      {
        "version": "All versions < V19",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]