Improper access control in Siemens products - CVE-2024-21483

 


Published: March 13, 2024


Vulnerability identifier: #VU87485
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-21483
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
SENTRON 7KM PAC3120 AC/DC
SENTRON 7KM PAC3120 DC
SENTRON 7KM PAC3220 AC/DC
SENTRON 7KM PAC3220 DC
Software vendor:
Siemens

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and gain unauthorized access to sensitive information.


Remediation

Install updates from the vendor's website.
