VDB
CISA-2024-36266
CISA-2024-36266
PUBLISHED
CVSS 9.3 CRITICAL
Reported by siemens · Published June 11, 2024
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices.
Risk Scores
CVSS 3.1
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | PowerSys | 0 |
| siemens | powersys | 0, 0 |
| Siemens | PowerSys | 0, 0 |
Timeline
- Jun 11, 2024 CVE Published
- Aug 2, 2024 CVE Updated