CVE-2022-21166
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Description
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0. Siemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version. This advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 ( https://cert-portal.siemens.com/productcert/html/ssa-265688.html).
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:NIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
References
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2022-21166 and every CVE in our database. Create a free account — no credit card required.
Create Free Account