all InfoSec news
SSA-981975 V1.0: Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs
Siemens ProductCERT Security Advisories cert-portal.siemens.com
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1].
The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional Information”.
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
attacks cpu cpus cve data disclosure downfall exposure information information disclosure information disclosure vulnerability intel issue local simatic ssa vulnerability