CVE-2024-37998
CRITICALCPCI85 Central Processing/Communication < V5.40 - Privilege Escalation
Title source: llmDescription
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
Scores
CVSS v3
9.8
EPSS
0.0045
EPSS Percentile
35.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-620
Status
published
Products (2)
Siemens/CPCI85 Central Processing/Communication
< V5.40
Siemens/SICORE Base system
< V1.4.0
Published
Jul 22, 2024
Tracked Since
Feb 18, 2026