Missing Immutable Root of Trust in Hardware in SIMATIC CN 4100 - CVE-2024-32742
Published: May 17, 2024
Vulnerability identifier: #VU89613
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-32742
CWE-ID: CWE-1326
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC CN 4100
Software vendor:
Siemens
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists because the affected device contains an unrestricted USB port. An attacker with physical access can misuse the port to boot another operating system and gain complete read/write access to the filesystem.
Remediation
Install updates from the vendor's website.