First published: Tue Mar 08 2022
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Sinumerik Mc Firmware | <1.15 | |
Siemens Sinumerik Mc Firmware | =1.15 | |
Siemens Sinumerik Mc | | |
Siemens Sinumerik One Firmware | <6.15 | |
Siemens Sinumerik One Firmware | =6.15 | |
Siemens Sinumerik One | | |
CVE-2022-24408 is a vulnerability in the sc SUID binary on SINUMERIK MC and SINUMERIK ONE devices. The binary provides several commands that are used to execute system commands or modify system files.
On affected devices, a specific set of operations using sc could allow local attackers to escalate their privileges to root.
All versions of SINUMERIK MC < V1.15 SP1 are affected by CVE-2022-24408.
All versions of SINUMERIK ONE < V6.15 SP1 are affected by CVE-2022-24408.
CVE-2022-24408 has a severity rating of 7.8 (high).
To fix CVE-2022-24408, it is recommended to update to SINUMERIK MC V1.15 SP1 or later and SINUMERIK ONE V6.15 SP1 or later.