Missing Immutable Root of Trust in Hardware in SIMATIC CN 4100

#VU89613 Missing Immutable Root of Trust in Hardware in SIMATIC CN 4100

Published: 2024-05-17

Vulnerability identifier: #VU89613

Vulnerability risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32742

CWE-ID: CWE-1326

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
SIMATIC CN 4100
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected device contains an unrestricted USB port. An attacker with physical access can misuse the port for booting another operating system and gain complete read/write access to the filesystem.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://cert-portal.siemens.com/productcert/html/ssa-273900.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SIMATIC CN 4100