Main Vulnerability Database SB2025052021

SB2025052021 - Missing Authentication for Critical Function in Siemens Desigo CC

Published: May 20, 2025

Security Bulletin ID SB2025052021

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2024-23815)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication for critical function. A remote attacker can modificate the client binary and execute arbitrary SQL queries on the server database via the event port.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cert-portal.siemens.com/productcert/html/ssa-523418.html