SINUMERIK Devices Vulnerable to Privilege Escalation Attacks
CVE-2024-41171
8.8 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 10 September 2024
Summary
A vulnerability has been identified in various Siemens SINUMERIK products where access restrictions to scripts executed with elevated privileges are not properly enforced. This flaw affects devices including SINUMERIK 828D, SINUMERIK 840D sl, and SINUMERIK ONE, allowing an authenticated local attacker to escalate privileges, potentially leading to unauthorized control over the system. The issue exists across all versions of SINUMERIK 828D V4 and 840D sl V4, as well as versions of SINUMERIK ONE prior to V6.24, thus posing risks to operational integrity. For more information, visit the official Siemens CERT portal.
Affected Version(s)
SINUMERIK 828D V4 0
SINUMERIK 828D V5 0
SINUMERIK 840D sl V4 0
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved