CVE-2024-41171

CVSS 9.3 CRITICALEPSS 0.1%CWE-732

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Sep 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Siemens · SINUMERIK 828D V4 Siemens · SINUMERIK 828D V5 Siemens · SINUMERIK 840D sl V4 Siemens · SINUMERIK ONE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert-portal.siemens.com/productcert/html/ssa-342438.html