or by using the keylogger functionality of the S7-1200 Software Controller, which sends keystrokes to the connected PC to be decoded. This issue can be exploited to access the private key of a CPU product family or to perform an offline attack against a specific CPU of the family. An attacker with knowledge of the private key can then use this key to sign any message and/or to impersonate any user of the protected product.

The S7-1200 Software Controller (RTL variant) was also found to be vulnerable to keylogging and to the private key being revealed in the described way. However, it is not vulnerable to the key being revealed in an offline attack against a single CPU of the family. The SIPLUS HMI environment is not affected by this issue.

The vulnerability can be exploited by an attacker with low technical skills to access the private key of the family and to sign any message or impersonate any user of the protected product. An attacker with a privileged position in the network (for example, an attacker on the same network segment as the protected product) can take advantage of this vulnerability to reveal the private key of the family and to sign any message or impersonate any user of the protected product. On the other end of the attack spectrum, an attacker with low skills can use this vulnerability to access the private key of the family and to sign any message or impersonate any user of the protected product.

Vulnerable products are mainly used in industrial control

References:

- https://www.cisco.com/c/dam/en_us/US_EN-US/securitycenter/cybersecurity-intelligence-reports-2016/CSCvf97622d.pdf

An insecure design flaw in the CPU product family allowed an attacker with knowledge of the private key to access the key and sign any message or impersonate any user of the protected product.

Products and versions affected

The vulnerability affects products of the following CPU families:
- Intel CPU family: Intel Core i3, Intel Core 2, Intel Pentium, and Intel Xeon
- AMD CPU family: AMD Ryzen

Products affected by this vulnerability

All current products of the affected CPU family are affected by this vulnerability.
Vulnerable products:
- S7-1200 Software Controller (RTL variant)
- S7-1500 Software Controller (RTL variant)
- S7-1700 Software Controller (RTL variant)
- S7-3500 Software Controller (RTL variant)
- SIPLUS HMI

References