CVE-2024-32741

Critical

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is…

siemens·CWE-259·Published 2024-05-14

CVSS

10.0

EPSS

0.01

KEV

Exploits

cve.orgen

306 chars

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.

NVDen

306 chars

NVDes

367 chars

Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V3.0). El dispositivo afectado contiene una contraseña codificada que se utiliza para el usuario privilegiado del sistema "root" y para el cargador de arranque "GRUB" de forma predeterminada. Un atacante que logra descifrar el hash de la contraseña obtiene acceso root al dispositivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	10.0	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
3.1	Primary	cve.org	10.0	—	—