CVE-2022-38773 MEDIUM

CVE-2022-38773

Vendor Siemens
Product SIMATIC Drive Controller CPU 1504D TF
Weakness CWE-1326
Published January 10, 2023
Last update April 3, 2025

CVSS base score

4.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:T/RC:C

What the vulnerability does

01Description

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

Key dates

02Disclosure timeline

January 10, 2023 CVE published
April 3, 2025 Record updated