CVE-2022-38465
CVE-2022-38465 is a critical-severity vulnerability in Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware with a CVSS 3.x base score of 9.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-522.
Key facts
- Severity: Critical (CVSS 3.x base score 9.3)
- EPSS exploit prediction: 0% (12th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-522
- Affected product: Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware
- Published:
- Last modified:
Description
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.
Frequently asked questions
- What is CVE-2022-38465?
- A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.
- How severe is CVE-2022-38465?
- CVE-2022-38465 has a CVSS 3.x base score of 9.3, rated critical severity. It is exploitable over local access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2022-38465 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (12th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-38465?
- CVE-2022-38465 primarily affects Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware. In total, 45 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-38465?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2022-38465 published?
- CVE-2022-38465 was published on 2022-10-11 and last updated on 2026-06-17.
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf
Affected products (45)
- cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1211c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1212c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1214fc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1214c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1215fc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1215c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1200_cpu_12_1217c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1510sp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_151511c-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_151511f-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512c-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_15prof-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_15pro-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware
- CVE-2019-6568 — High (CVSS 7.5): The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An…
All CVEs affecting Siemens Simatic Et 200 Sp Open Controller Cpu 1515sp Pc2 Firmware →
Other CWE-522 (Insufficiently Protected Credentials) vulnerabilities
- CVE-2026-7312 — Critical (CVSS 10.0): CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to…
- CVE-2026-29128 — Critical (CVSS 10.0): IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g.,…
- CVE-2025-54863 — Critical (CVSS 10.0): Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration…
- CVE-2024-12799 — Critical (CVSS 10.0): Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64…
- CVE-2024-51545 — Critical (CVSS 10.0): Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list…
- CVE-2023-1778 — Critical (CVSS 10.0): This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to…
Browse all CWE-522 (Insufficiently Protected Credentials) vulnerabilities →