CVE-2024-47553

CRITICAL

Siemens SINEC Security Monitor < V4.9.0 - Code Injection

Title source: llm

Description

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.

References (1)

[Patch, Third Party Advisory] https://cert-portal.siemens.com/productcert/html/ssa-430425.html

Scores

CVSS v3 9.9

EPSS 0.0295

EPSS Percentile 86.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-88

Status published

Products (1)

siemens/sinec_security_monitor < 4.9.0

Published Oct 08, 2024

Tracked Since Feb 18, 2026