Unauthorized IP Configuration Changes in SIMATIC CN 4100 by Siemens
CVE-2023-49252

7.5HIGH

Key Information:

Vendor: Siemens
Status: SIMATIC CN 4100
Vendor: CVE Published:; 9 January 2024

What is CVE-2023-49252?

A security weakness exists in the SIMATIC CN 4100, impacting all versions prior to V2.7. This flaw permits unauthorized modifications to IP configurations, which could lead to the disruption of service. The lack of authentication for such changes could be exploited by an attacker, potentially resulting in a denial of service. Organizations utilizing this software must ensure they are operating on supported versions to mitigate this risk.

Affected Version(s)

SIMATIC CN 4100 All versions < V2.7

References

https://cert-portal.siemens.com/productcert/pdf/ssa-77701...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Nov 24, 2023