CVE-2023-29130

CWE-284Improper Access Control3 documents3 sources
Severity
10.0CRITICAL
EPSS
0.2%
top 56.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic CN 4100 FirmwareSiemens Simatic CN 4100
Timeline
PublishedJul 11

Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5siemens/simatic_cn_4100All versions < V2.5

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-hqc9-64cv-8vvf: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V22023-07-11
CVEList
CVE-2023-29130: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V22023-07-11