VDB

CISA-2024-36266

CISA-2024-36266 PUBLISHED CVSS 9.3 CRITICAL

Reported by siemens · Published June 11, 2024

A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices.

Risk Scores

CVSS 3.1
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
SiemensPowerSys0
siemenspowersys0, 0
SiemensPowerSys0, 0

Timeline

  • Jun 11, 2024 CVE Published
  • Aug 2, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›