CVE-2023-49621
CVE-2023-49621
In short
SIMATIC CN 4100 devices in initial setup use a default admin password that is publicly known, allowing anyone to take complete control of the device if they can reach it on the network.
Technical detail
The vulnerability exploits hardcoded default credentials with administrative privileges in the intermediate installation state (CWE-1392). An unauthenticated remote attacker with network access to the device can authenticate using well-known default credentials to gain full administrative control, affecting all versions prior to V2.7.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Siemens · SIMATIC CN 4100Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →