SB2024051713 - Multiple vulnerabilities in Siemens SIMATIC CN 4100

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024051713

SB2024051713 - Multiple vulnerabilities in Siemens SIMATIC CN 4100

Published: May 17, 2024

Security Bulletin ID SB2024051713
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Use of hard-coded credentials (CVE-ID: CVE-2024-32740)

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Use of Hard-coded Password (CVE-ID: CVE-2024-32741)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected device contains hard coded password which is used for the privileged system user root and for the boot loader GRUB by default. A remote attacker can gain root access to the target device.


3) Missing Immutable Root of Trust in Hardware (CVE-ID: CVE-2024-32742)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected device contains an unrestricted USB port. An attacker with physical access can misuse the port for booting another operating system and gain complete read/write access to the filesystem.


Remediation

Install update from vendor's website.

References