CVE-2022-24408

Published: Mar 8, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

Affected (4)

Products: Siemens: Sinumerik Mc Firmware, Sinumerik One Firmware

2 products

Sinumerik Mc Firmware

Sinumerik One Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Sinumerik Mc Firmware	Before 1.15
Siemens Sinumerik Mc Firmware	Version 1.15

Running on/with	Platform Versions
Siemens Sinumerik Mc	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Sinumerik One Firmware	Before 6.15
Siemens Sinumerik One Firmware	Version 6.15

Running on/with	Platform Versions
Siemens Sinumerik One	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.