CVE-2024-32741

CWE-2593 documents3 sources

Severity

10.0CRITICAL

EPSS

0.7%

top 27.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic CN 4100 Siemens Simatic CN 4100 Firmware

Timeline

PublishedMay 14

Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5siemens/simatic_cn_4100< V3.0

▶NVDsiemens/simatic_cn_4100_firmware< 3.0

🔴Vulnerability Details

GHSA

GHSA-7rvf-4cjx-jm5q: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3↗2024-05-14

▶

CVEList

CVE-2024-32741: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3↗2024-05-14

▶