SINEC Security Monitor Vulnerability Affects Authentication and Privilege Escalation
CVE-2024-47562

8.8HIGH

Key Information:

Vendor: Siemens
Status: Siemens Sinec Security Monitor
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-47562?

A vulnerability has been detected in the Siemens SINEC Security Monitor, specifically affecting all versions prior to V4.9.0. This security issue arises due to inadequate neutralization of special elements in user input sent to the 'ssmctl-client' command. As a result, an authenticated local attacker with low privileges could exploit this weakness to execute privileged commands within the underlying operating system. This poses potential risks to system integrity and data security.

Affected Version(s)

Siemens SINEC Security Monitor 0

References

https://cert-portal.siemens.com/productcert/html/ssa-4304...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 27, 2024