CVE-2024-32742
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:20
Severity
Summary
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem.
References
Impacted products
Vendor | Product |
---|---|
Siemens | SIMATIC CN 4100 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_cn_4100", "vendor": "siemens", "versions": [ { "lessThan": "3.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32742", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T12:43:18.352073Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:34:34.134Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:20:35.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CN 4100", "vendor": "Siemens", "versions": [ { "lessThan": "V3.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1326", "description": "CWE-1326: Missing Immutable Root of Trust in Hardware", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:24:36.881Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32742", "datePublished": "2024-05-14T10:02:49.388Z", "dateReserved": "2024-04-17T12:35:40.942Z", "dateUpdated": "2024-08-02T02:20:35.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-32742\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-05-14T16:17:12.103\",\"lastModified\":\"2024-05-14T19:17:55.627\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones \u0026lt; V3.0). El dispositivo afectado contiene un puerto USB sin restricciones. Un atacante con acceso local al dispositivo podr\u00eda hacer un mal uso del puerto para iniciar otro sistema operativo y obtener acceso completo de lectura/escritura al sistema de archivos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1326\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-273900.html\",\"source\":\"productcert@siemens.com\"}]}}" } }
Loading...