CVE-2022-33138
CVE-2022-33138
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
12 Jul 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.
Affected products
Siemens · SIMATIC MV540 HSiemens · SIMATIC MV540 SSiemens · SIMATIC MV550 HSiemens · SIMATIC MV550 SSiemens · SIMATIC MV560 USiemens · SIMATIC MV560 XWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →