CVE-2024-37998
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.
Se ha identificado una vulnerabilidad en CPCI85 Central Processing/Communication/ (todas las versiones < V5.40), SICORE Base system (todas las versiones < V1.4.0). La contraseña de las cuentas administrativas de las aplicaciones afectadas se puede restablecer sin necesidad de conocer la contraseña actual, siempre que el inicio de sesión automático esté habilitado. Esto podría permitir que un atacante no autorizado obtenga acceso administrativo a las aplicaciones afectadas.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-11 CVE Reserved
- 2024-07-22 CVE Published
- 2024-07-23 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-620: Unverified Password Change
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Cpci85 Firmware Search vendor "Siemens" for product "Cpci85 Firmware" | * | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sicore Base System Search vendor "Siemens" for product "Sicore Base System" | * | - |
Affected
| ||||||