Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-43781

Sept. 10, 2024, 12:09 p.m.

CVSS Score

5.5 / 10

Product(s) Impacted

SINUMERIK 828D

  • before V4.95 SP3

SINUMERIK 840D sl

  • before V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6

SINUMERIK ONE

  • before V6.23 in connection with using Create MyConfig (CMC) <= V6.6
  • before V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6

Description

A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions.

Weaknesses

CWE-532
Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

CWE ID: 532

Date

Published: Sept. 10, 2024, 10:15 a.m.

Last Modified: Sept. 10, 2024, 12:09 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score
5.5
Exploitability Score
1.8
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

https://cert-portal.siemens.com/ productcert@siemens.com