CVE-2022-46141
MEDIUMSIMATIC STEP 7 (TIA Portal) < V19 - Info Disclosure
Title source: llmDescription
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-887801.pdf
Scores
CVSS v3
4.2
EPSS
0.0001
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-316
CWE-312
Status
published
Products (1)
siemens/simatic_step_7
< 19
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026