Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINUMERIK 828D V4 | |
| Siemens | SINUMERIK ONE | |
| Siemens | SINUMERIK 840D sl V4 | |
Timeline
- CVE Published
SINUMERIK systems that have been provisioned with Create MyConfig (CMC) are affected by an Insertion of Sensitive Information into Log File vulnerability. When a CMC package is used on an NCU or an IPC, the password used in the CMC package or typed in manually during package execution is traced on the machine to the file uptrace.out. This could allow a local authenticated user with low privileges to read that password and use it to impersonate a user with higher privileges. Siemens has released new versions for the affected products and recommends updating to the latest versions.