CVSS: 9.3EPSS: 0%CPEs: 89EXPL: 0CVE-2022-38465
https://notcve.org/view.php?id=CVE-2022-38465
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. • https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf • CWE-522: Insufficiently Protected Credentials •