Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1].
The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional Information”.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.