Description
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf
Scores
CVSS v3
8.8
EPSS
0.0031
EPSS Percentile
54.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-639
Status
published
Products (1)
siemens/simatic_cn_4100_firmware
< 2.7
Published
Jan 09, 2024
Tracked Since
Feb 18, 2026