Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-53832 |
CWE-ID | CWE-522 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | CPCI85 Central Processing/Communication Hardware solutions / Firmware |
Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU101656
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-53832
CWE-ID: CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists because the affected devices contain a secure element that is connected via an unencrypted SPI bus. An attacker with physical access can decrypt all encrypted update files.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
CPCI85 Central Processing/Communication: before 05.30
External links
http://cert-portal.siemens.com/productcert/html/ssa-128393.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.