SIMATIC STEP 7/TIA Portal <V19: Local Info Disclosure via Access Level Password
CVE-2022-46141 Published on December 12, 2023
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.
Weakness Type
Cleartext Storage of Sensitive Information in Memory
The application stores sensitive information in cleartext in memory.
Products Associated with CVE-2022-46141
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-46141 are published in Siemens Simatic Step 7:
Affected Versions
Siemens SIMATIC STEP 7 (TIA Portal) Version All versions < V19 is affected by CVE-2022-46141Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.