CVE-2022-38773

medium

Description

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf

https://cert-portal.siemens.com/productcert/html/ssa-482757.html

Details

Source: Mitre, NVD

Published: 2023-01-10

Updated: 2024-06-11

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

Detections

Analytics