Missing Immutable Root of Trust in Hardware in SIMATIC CN 4100 - CVE-2024-32742

 


Published: May 17, 2024


Vulnerability identifier: #VU89613
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-32742
CWE-ID: CWE-1326
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
SIMATIC CN 4100

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists because the affected device contains an unrestricted USB port. An attacker with physical access can misuse the port to boot another operating system and gain complete read/write access to the filesystem.


How to mitigate CVE-2024-32742

Install updates from the vendor's website.
