VDB
SSA-097786
SSA-097786
PUBLISHED
CVSS 5.5 MEDIUM
SINUMERIK systems, that have been provisioned with Create MyConfig (CMC), are affected by a Insertion of Sensitive Information into Log File vulnerability. When using a CMC package on a NCU or on an IPC the password used in the CMC package or typed in manually during package execution is traced on the machine to the file uptrace.out. This could allow a local authenticated user with low privileges to read that password and use it to impersonate a user with higher privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SINUMERIK 828D V4 | ||
| SINUMERIK ONE | ||
| SINUMERIK 840D sl V4 |
Exploit Intelligence
Timeline
- Sep 10, 2024 CVE Published