CVE-2024-32741
published 2024-05-14CVE-2024-32741: A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged…
critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_cn_4100 | < V3.0 | V3.0 |
| siemens | simatic_cn_4100_firmware | < 3.0 | 3.0 |