Undocumented Users and Credentials Vulnerability Affects SIMATIC CN 4100
CVE-2024-32740

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Simatic Cn 4100
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-32740?

A security flaw has been detected in the SIMATIC CN 4100, impacting all versions prior to V3.0. The vulnerability stems from the presence of undocumented user accounts and credentials within the system. This opens a potential attack vector, allowing malicious actors to gain unauthorized access and control over the device, either locally or remotely. Such exploitation can lead to significant security risks, including manipulation of device functionalities and exposure of sensitive information.

Affected Version(s)

SIMATIC CN 4100 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2739...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 17, 2024

Siemens

What is CVE-2024-32740?

Affected Version(s)

References

CVSS V3.1

Timeline