Use of Hard-coded Password in SIMATIC CN 4100 - CVE-2024-32741

 


Published: May 17, 2024


Vulnerability identifier: #VU89612
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-32741
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
SIMATIC CN 4100

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected device contains a hard-coded password that is used by default for the privileged system user root and for the GRUB boot loader. A remote attacker can gain root access to the target device.


How to mitigate CVE-2024-32741

Install updates from the vendor's website.

Sources