CVE-2024-41171Incorrect Permission Assignment in Siemens Sinumerik 828d V4

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.0%
top 86.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Siemens Sinumerik 828d V4Siemens Sinumerik 828d V5Siemens Sinumerik 840d SL V4+1 more
Timeline
PublishedSep 10

Description

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages4 packages

CVEListV5siemens/sinumerik_828d_v5< V5.24
CVEListV5siemens/sinumerik_one< V6.24

🔴Vulnerability Details

2
CVEList
CVE-2024-41171: A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V52024-09-10
GHSA
GHSA-vp7w-7655-3xph: A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V52024-09-10
CVE-2024-41171 — Incorrect Permission Assignment | cvebase