CVE-2024-50310Incorrect Authorization in Siemens Simatic CP 1543-1 V4.0

CWE-863Incorrect Authorization3 documents3 sources
Severity
8.7HIGHNVD
EPSS
0.6%
top 31.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Simatic CP 1543-1 V4.0Siemens Simatic CP 1543-1 Firmware
Timeline
PublishedNov 12

Description

A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5siemens/simatic_cp_1543-1_v4.0V4.0.44V4.0.50
NVDsiemens/simatic_cp_1543-1_firmware4.0.444.0.50

Patches

Patch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2024-50310: A vulnerability has been identified in SIMATIC CP 1543-1 V42024-11-12
GHSA
GHSA-84fj-mc2g-vcqc: A vulnerability has been identified in SIMATIC CP 1543-1 V42024-11-12
CVE-2024-50310 — Incorrect Authorization in Siemens | cvebase