USB Vulnerability Allows Attackers to Boot Another OS and Access File System
CVE-2024-32742

7.6HIGH

Key Information:

Vendor: Siemens
Status: Simatic Cn 4100
Vendor: CVE Published:; 14 May 2024

Summary

A significant vulnerability has been found in the SIMATIC CN 4100 produced by Siemens. The device features an unrestricted USB port, which allows an attacker with local access to leverage it for booting an alternative operating system. This exploitation grants the attacker comprehensive read/write access to the device's filesystem. The potential for unauthorized modifications and data breaches calls for immediate attention to secure devices running versions prior to V3.0.

Affected Version(s)

SIMATIC CN 4100 0

References

https://cert-portal.siemens.com/productcert/html/ssa-2739...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 17, 2024