SINEC Security Monitor Vulnerability - Arbitrary Code Execution
CVE-2024-47553

9.9CRITICAL

Key Information:

Vendor: Siemens
Status: Siemens Sinec Security Monitor
Vendor: CVE Published:; 8 October 2024

Summary

A vulnerability exists in the Siemens SINEC Security Monitor prior to version 4.9.0, where the application fails to adequately validate user input processed by the 'ssmctl-client' command. This shortcoming may enable an authenticated, low-privilege remote attacker to execute arbitrary code with elevated privileges, potentially compromising the integrity and security of the underlying operating system. Proper measures should be taken to mitigate this risk by updating to the latest version or applying recommended security practices.

Affected Version(s)

Siemens SINEC Security Monitor 0

References

https://cert-portal.siemens.com/productcert/html/ssa-4304...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 26, 2024