Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional Information”. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. [1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
https://cert-portal.siemens.com/productcert/html/ssa-981975.html