VDB
CVE-2023-29130
CVE-2023-29130
PUBLISHED
CVSS 10 CRITICAL
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control.
EPSS 0.23% · 45.7th percentile
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.23%
45.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | simatic_cn_4100_firmware | 0, 0, 0 |
| Siemens | SIMATIC CN 4100 | * |
Exploit Intelligence
Timeline
- Jul 11, 2023 CVE Published
- Jul 12, 2023 EPSS Score
- Aug 16, 2023 EPSS Score
- Sep 19, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 27, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 22, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf url
- https://cert-portal.siemens.com/productcert/html/ssa-764801.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-561322.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-313488.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-924149.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-146325.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-29130 advisory