Unauthorized Access to Filesystem via Authentication Bypass
CVE-2024-50310

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic Cp 1543-1 V4.0
Vendor: CVE Published:; 12 November 2024

Summary

A significant vulnerability has been identified in the SIMATIC CP 1543-1 product line, particularly affecting versions of the device between V4.0.44 and V4.0.50. The flaw relates to improper authorization handling, which can allow an unauthorized remote attacker to access the filesystem of affected devices. This presents a serious risk to the security and integrity of the device's operations, making it essential for organizations using these products to implement necessary security measures and updates.

Affected Version(s)

SIMATIC CP 1543-1 V4.0 V4.0.44

References

https://cert-portal.siemens.com/productcert/html/ssa-6547...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Oct 22, 2024