CVE-2024-43781Log File Information Exposure in Siemens Sinumerik 828d V4

CWE-532Log File Information ExposureCWE-79Cross-site Scripting4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 82.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Siemens Sinumerik 828d V4Siemens Sinumerik 840d SL V4Siemens Sinumerik ONE
Timeline
PublishedSep 10
Latest updateSep 9

Description

A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Informa

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5siemens/sinumerik_828d_v4< V4.95 SP3
CVEListV5siemens/sinumerik_840d_sl_v4< V4.95 SP3
CVEListV5siemens/sinumerik_one< V6.23+1

🔴Vulnerability Details

3
GHSA
Liferay Portal is vulnerable to XSS attack through its search bar portlet2025-09-09
CVEList
CVE-2024-43781: A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V42024-09-10
GHSA
GHSA-g75j-c66m-v892: A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V42024-09-10
CVE-2024-43781 — Log File Information Exposure | cvebase