Siemens SIMATIC STEP 7 is a software program used for designing and programming control systems, including programmable logic controllers (PLCs) and automation systems. It is part of the SIMATIC industry software suite from Siemens and optimized for SIMATIC S7-300 and S7-400 controller hardware. With a comprehensive range of functions, wizards, and options, it covers all tasks from programming and test to commissioning and service.

Siemens SIMATIC STEP 7

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2023-25910	HIGH	8.8	Siemens SIMATIC STEP 7	cpe:2.3:a:siemens:simatic_step_7	No	Yes	Jun 13, 2023
CVE-2022-45147	HIGH	8.5	Siemens SIMATIC STEP 7	cpe:2.3:a:siemens:simatic_step_7	No	Yes	Jul 09, 2024
CVE-2021-42029	HIGH	7.8	Siemens SIMATIC STEP 7	cpe:2.3:a:siemens:simatic_step_7	No	No	Apr 12, 2022
CVE-2023-32737	HIGH	7	Siemens SIMATIC STEP 7	cpe:2.3:a:siemens:simatic_step_7	No	Yes	Jul 09, 2024
CVE-2022-46141	MEDIUM	5.5	Siemens SIMATIC STEP 7	cpe:2.3:a:siemens:simatic_step_7	No	Yes	Dec 12, 2023

CVE-2022-46141:
Siemens SIMATIC STEP 7 vulnerability analysis and mitigation

5.5

Related Siemens SIMATIC STEP 7 vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2022-46141: Siemens SIMATIC STEP 7 vulnerability analysis and mitigation