SB2023091353 - Information disclosure in Siemens SIMATIC IPCs
Published: September 13, 2023
Security Bulletin ID
SB2023091353
Severity
Medium
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2022-40982)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.