CVE-2023-49621

EPSS 0.15%
Published 09.01.2024 10:15:20
Last modified 21.11.2024 08:33:38
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Cn 4100 Version < 2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
productcert@siemens.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49621

EUVD