Undocumented Users and Credentials Vulnerability Affects SIMATIC CN 4100
CVE-2024-32740

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Simatic Cn 4100
Vendor: CVE Published:; 14 May 2024

Summary

A security flaw has been detected in the SIMATIC CN 4100, impacting all versions prior to V3.0. The vulnerability stems from the presence of undocumented user accounts and credentials within the system. This opens a potential attack vector, allowing malicious actors to gain unauthorized access and control over the device, either locally or remotely. Such exploitation can lead to significant security risks, including manipulation of device functionalities and exposure of sensitive information.

Affected Version(s)

SIMATIC CN 4100 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2739...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 17, 2024

Collectors

NVD DatabaseMitre Database