Several Intel-CPU-based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1].
The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details, refer to the chapter “Additional Information”.
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet, available.
[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
https://cert-portal.siemens.com/productcert/html/ssa-981975.html