7.5
CVE-2022-33138
- EPSS 0.53%
- Published 12.07.2022 10:15:10
- Last modified 21.11.2024 07:07:35
- Source productcert@siemens.com
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.
Data provided by the National Vulnerability Database (NVD)
Siemens ≫ Simatic Mv540 H Firmware Version < 3.3
Siemens ≫ Simatic Mv540 S Firmware Version < 3.3
Siemens ≫ Simatic Mv550 H Firmware Version < 3.3
Siemens ≫ Simatic Mv550 S Firmware Version < 3.3
Siemens ≫ Simatic Mv560 U Firmware Version < 3.3
Siemens ≫ Simatic Mv560 X Firmware Version < 3.3
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.53% | 0.66 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.