CVE-2024-43781 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-43781 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions.

EPSS 0.06% · 17.5th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

0.06%

17.5th percentile

Affected Products

Vendor	Product	Versions
Siemens	SINUMERIK ONE	0, 0, 0
Siemens	SINUMERIK 828D V4	0, 0, 0
Siemens	SINUMERIK 840D sl V4	0, 0, 0

Timeline

Sep 10, 2024 CVE Published
Sep 10, 2024 PoC Published
Sep 11, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 20, 2024 EPSS Score
Nov 8, 2024 EPSS Score
Nov 27, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 25, 2025 EPSS Score
Feb 13, 2025 EPSS Score

References

Open in Interactive Console →