First published: Tue Sep 10 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SINUMERIK 828D V4 | All versions | |
Siemens SINUMERIK 828D V5 | <V5.24 | |
Siemens Sinumerik 840D SL | All versions | |
Siemens Sinumerik One | <V6.24 | |
CVE-2024-41171 is classified as a high severity vulnerability due to its potential impact on system security.
To mitigate CVE-2024-41171, upgrade to the latest version of the affected SINUMERIK products as per Siemens' guidance.
CVE-2024-41171 affects SINUMERIK 828D V4, SINUMERIK 828D V5 (versions below V5.24), SINUMERIK 840D sl V4, and SINUMERIK ONE (versions below V6.24).
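Exploitation of CVE-2024-41171 could lead to unauthorized access to sensitive scripts and system configurations, and through them to privilege escalation on the underlying system by an authenticated local attacker.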
Currently, no specific workaround has been published for CVE-2024-41171, so updating to the latest version is recommended.