Use of Hard-coded Password in SIMATIC CN 4100 - CVE-2024-32741

 


Published: May 17, 2024


Vulnerability identifier: #VU89612
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-32741
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: SIMATIC CN 4100
Software vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected device contains a hard-coded password that is used by default for the privileged system user root and for the GRUB boot loader. A remote attacker can gain root access to the target device.


Remediation

Install updates from the vendor's website.
