CVE-2022-33138

Summary

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.

Affected Software

VendorProductVersion RangeStatus
SiemensSIMATIC MV540 HAll versions < V3.3affected
SiemensSIMATIC MV540 SAll versions < V3.3affected
SiemensSIMATIC MV550 HAll versions < V3.3affected
SiemensSIMATIC MV550 SAll versions < V3.3affected
SiemensSIMATIC MV560 UAll versions < V3.3affected
SiemensSIMATIC MV560 XAll versions < V3.3affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References