8.5
CVE-2022-45147
- EPSS 0.07%
- Veröffentlicht 09.07.2024 12:15:08
- Zuletzt bearbeitet 21.11.2024 07:28:51
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellersiemens
≫
Produkt
simatic_pcs_neo
Default Statusunknown
Version <
5.0
Version
4.0
Status
affected
Herstellersiemens
≫
Produkt
simatic_step_7
Default Statusunknown
Version <
17
Version
16
Status
affected
Version <
18
Version
17
Status
affected
Version <
18_update_2
Version
18
Status
affected
Herstellersiemens
≫
Produkt
simatic_step_7
Default Statusunknown
Version <
17
Version
16
Status
affected
Version <
18
Version
17
Status
affected
Version <
18_update_2
Version
18
Status
affected
Herstellersiemens
≫
Produkt
simatic_step_7
Default Statusunknown
Version <
17
Version
16
Status
affected
Version <
18
Version
17
Status
affected
Version <
18_update_2
Version
18
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.218 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 8.5 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| productcert@siemens.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.