SIEMENS-SSA-348662 · Published 2022-07-12 · View on Siemens ProductCERT ↗

SSA-348662 V1.0: Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3

CVSS 8.0 HIGH

Risk Summary

<p> SIMATIC MV500 devices before V3.3 are affected by multiple vulnerabilities that could allow attackers to hijack other users’ web based management sessions (CVE-2022-33137) or access data on the device without prior authentication (CVE-2022-33138). </p> <p> Siemens has released an update for the SIMATIC MV500 devices and recommends to update to the latest version. Note that the update also contains additional fixes for vulnerabilities documented in Siemens Security Advisory SSA-712929. </p>

CVEs (2)

CVE-2022-33137 CVE-2022-33138

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-348662 V1.0: Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more