CVE-2024-32740

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 25.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic CN 4100 Siemens Simatic CN 4100 Firmware

Timeline

PublishedMay 14

Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5siemens/simatic_cn_4100< V3.0

▶NVDsiemens/simatic_cn_4100_firmware< 3.0

🔴Vulnerability Details

CVEList

CVE-2024-32740: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3↗2024-05-14

▶

GHSA

GHSA-9j9j-j88x-9vc6: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3↗2024-05-14

▶