Hardcoded Password Vulnerability Affects SIMATIC CN 4100 Devices
CVE-2024-32741
10 CRITICAL
Summary
A significant vulnerability has been identified in the Siemens SIMATIC CN 4100, affecting all versions prior to V3.0. It arises from hard-coded passwords used for the privileged system user 'root' and the boot loader 'GRUB'. An attacker who successfully cracks the password hash could gain unauthorized root access to the device, which could lead to manipulation of system settings and data. Because these credentials are in use by default, they pose a considerable risk, and prompt remediation and security enhancements are necessary.
Affected Version(s)
SIMATIC CN 4100: all versions prior to V3.0
CVSS V3.1
Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved