Products
SINUMERIK 828D
- before V4.95 SP3
SINUMERIK 840D sl
- before V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6
SINUMERIK ONE
- before V6.23 in connection with using Create MyConfig (CMC) <= V6.6
- before V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6
Source
productcert@siemens.com
Tags
CVE-2024-43781 details
Last Modified : Sept. 10, 2024, 12:09 p.m.
Description
A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions.
CVSS Score
| 1 | 2 | 3 | 4 | 5.5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-532 | Insertion of Sensitive Information into Log File | Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.5
Exploitability Score
1.8
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-097786.html | productcert@siemens.com |