Exploiting a Classic Deserialization Vulnerability in Siemens SIMATIC Energy Manager
ID: 56b6eb68-633d-5b91-ba52-518746a770c6
STIX ID: report--56b6eb68-633d-5b91-ba52-518746a770c6
Feed Name: Claroty Team82
Team82 disclosed a critical pre-authentication deserialization vulnerability (CVE-2022-23450, CVSS 10.0) in Siemens SIMATIC Energy Manager (EnMPro) that allows unauthenticated remote code execution via unsafe .NET BinaryFormatter deserialization over the product's TCP/4444 protocol; Siemens patched the issue in EnMPro V7.3 Update 1 and users are urged to update.
