CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-33138

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2022-33138

Siemens » Simatic Mv540 H » Version: N/A

cpe:2.3:h:siemens:simatic_mv540_h:-
Siemens » Simatic Mv540 S » Version: N/A

cpe:2.3:h:siemens:simatic_mv540_s:-
Siemens » Simatic Mv550 H » Version: N/A

cpe:2.3:h:siemens:simatic_mv550_h:-
Siemens » Simatic Mv550 S » Version: N/A

cpe:2.3:h:siemens:simatic_mv550_s:-
Siemens » Simatic Mv560 U » Version: N/A

cpe:2.3:h:siemens:simatic_mv560_u:-
Siemens » Simatic Mv560 X » Version: N/A

cpe:2.3:h:siemens:simatic_mv560_x:-
Siemens » Simatic Mv540 H Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv540_h_firmware:*
Siemens » Simatic Mv540 S Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv540_s_firmware:*
Siemens » Simatic Mv550 H Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv550_h_firmware:*
Siemens » Simatic Mv550 S Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv550_s_firmware:*
Siemens » Simatic Mv560 U Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv560_u_firmware:*
Siemens » Simatic Mv560 X Firmware » Version: Any

cpe:2.3:o:siemens:simatic_mv560_x_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-33138

Products

Pricing

Contact Us