CVE-2024-23815Missing Authentication for Critical Function in Siemens Desigo CC

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
8.7HIGHNVD
EPSS
0.2%
top 60.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Desigo CC
Timeline
PublishedMay 13

Description

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5siemens/desigo_cc< *

🔴Vulnerability Details

2
CVEList
CVE-2024-23815: A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside o2025-05-13
GHSA
GHSA-xgrg-cw4v-4h6g: A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside o2025-05-13
CVE-2024-23815 — Siemens Desigo CC vulnerability | cvebase