CVE-2023-49621

EPSS 0.15%
Veröffentlicht 09.01.2024 10:15:20
Zuletzt bearbeitet 21.11.2024 08:33:38
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Simatic Cn 4100 Version < 2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49621

EUVD