Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-49621 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | |||||
CVE-2023-49252 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 7.5 HIGH |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | |||||
CVE-2023-49251 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up. | |||||
CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 7.4 HIGH |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | |||||
CVE-2023-29130 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 9.9 CRITICAL |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control. |