Skip to main content

Simatic Cn 4100 Firmware CVE-2024-32741

CRITICAL
Use of Hard-coded Password (CWE-259)
2024-05-14 productcert@siemens.com
10.0
CVSS 3.1 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 14, 2024 - 16:17 cve.org
CRITICAL 10.0

DescriptionCVE.org

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user root and for the boot loader GRUB by default . An attacker who manages to crack the password hash gains root access to the device.

AnalysisAI

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-259. A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user root and for the boot loader GRUB by default . An attacker who manages to crack the password hash gains root access to the device. Affected products include: Siemens Simatic Cn 4100 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2024-32741 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy