// For flags

CVE-2024-41171

 

Severity Score

9.3
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
High
Integrity
High
High
Availability
High
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-07-17 CVE Reserved
  • 2024-09-10 CVE Published
  • 2024-09-10 CVE Updated
  • 2024-09-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 SINUMERIK 828D V4
Search vendor "Siemens" for product "SINUMERIK 828D V4"
 0
Search vendor "Siemens" for product "SINUMERIK 828D V4" and version "0"
en
Affected
Siemens
Search vendor "Siemens"
 SINUMERIK 840D Sl V4
Search vendor "Siemens" for product "SINUMERIK 840D Sl V4"
 0
Search vendor "Siemens" for product "SINUMERIK 840D Sl V4" and version "0"
en
Affected