cnvd - cnvd-2024-38021

cnvd-2024-38021

Vulnerability from cnvd

Title: Siemens SINUMERIK ONE、SINUMERIK-840D和SINUMERIK828D权限提升漏洞

Description:

SINUMERIK CNC为车间、车间和大型批量生产环境提供自动化解决方案。 SINUMERIK ONE是一个数字原生数控系统，集成了SIMATIC S7-1500 CPU，用于自动化。

Siemens SINUMERIK ONE、SINUMERIK-840D和SINUMERIK828D存在权限提升漏洞，攻击者可利用该漏洞升级在底层系统中的权限。

Severity: 高

Patch Name: Siemens SINUMERIK ONE、SINUMERIK-840D和SINUMERIK828D权限提升漏洞的补丁

Patch Description:

SINUMERIK CNC为车间、车间和大型批量生产环境提供自动化解决方案。 SINUMERIK ONE是一个数字原生数控系统，集成了SIMATIC S7-1500 CPU，用于自动化。

Siemens SINUMERIK ONE、SINUMERIK-840D和SINUMERIK828D存在权限提升漏洞，攻击者可利用该漏洞升级在底层系统中的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-342438.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-342438.html

Impacted products

Name
['Siemens SINUMERIK ONE', 'Siemens SINUMERIK 840D sl V4', 'Siemens SINUMERIK 828D V4', 'Siemens SINUMERIK 828D V5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-41171"
    }
  },
  "description": "SINUMERIK CNC\u4e3a\u8f66\u95f4\u3001\u8f66\u95f4\u548c\u5927\u578b\u6279\u91cf\u751f\u4ea7\u73af\u5883\u63d0\u4f9b\u81ea\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u3002 SINUMERIK ONE\u662f\u4e00\u4e2a\u6570\u5b57\u539f\u751f\u6570\u63a7\u7cfb\u7edf\uff0c\u96c6\u6210\u4e86SIMATIC S7-1500 CPU\uff0c\u7528\u4e8e\u81ea\u52a8\u5316\u3002\n\nSiemens SINUMERIK ONE\u3001SINUMERIK-840D\u548cSINUMERIK828D\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5347\u7ea7\u5728\u5e95\u5c42\u7cfb\u7edf\u4e2d\u7684\u6743\u9650\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-342438.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38021",
  "openTime": "2024-09-12",
  "patchDescription": "SINUMERIK CNC\u4e3a\u8f66\u95f4\u3001\u8f66\u95f4\u548c\u5927\u578b\u6279\u91cf\u751f\u4ea7\u73af\u5883\u63d0\u4f9b\u81ea\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u3002 SINUMERIK ONE\u662f\u4e00\u4e2a\u6570\u5b57\u539f\u751f\u6570\u63a7\u7cfb\u7edf\uff0c\u96c6\u6210\u4e86SIMATIC S7-1500 CPU\uff0c\u7528\u4e8e\u81ea\u52a8\u5316\u3002\r\n\r\nSiemens SINUMERIK ONE\u3001SINUMERIK-840D\u548cSINUMERIK828D\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5347\u7ea7\u5728\u5e95\u5c42\u7cfb\u7edf\u4e2d\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SINUMERIK ONE\u3001SINUMERIK-840D\u548cSINUMERIK828D\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINUMERIK ONE",
      "Siemens SINUMERIK 840D sl V4",
      "Siemens SINUMERIK 828D V4",
      "Siemens SINUMERIK 828D V5"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-342438.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-09-12",
  "title": "Siemens SINUMERIK ONE\u3001SINUMERIK-840D\u548cSINUMERIK828D\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2024-41171 (GCVE-0-2024-41171)

Vulnerability from cvelistv5

Published

2024-09-10 09:36

Modified

2024-09-10 15:03

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Summary

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/html/ssa-342438.html

Impacted products

Vendor

Product

Version

▼

Siemens

SINUMERIK 828D V4

Version: 0 < *

Siemens	SINUMERIK 828D V5	Version: 0 < V5.24
Siemens	SINUMERIK 840D sl V4	Version: 0 < *
Siemens	SINUMERIK ONE	Version: 0 < V6.24

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinumerik_840d_sl_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinumerik_one_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "6.24",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sinumerik_828d_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "5.24",
                "status": "affected",
                "version": "4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T14:54:43.895216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:03:16.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D V4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D V5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 840D sl V4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK ONE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V6.24",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions \u003c V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions \u003c V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:36:46.244Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-342438.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-41171",
    "datePublished": "2024-09-10T09:36:46.244Z",
    "dateReserved": "2024-07-17T13:37:58.435Z",
    "dateUpdated": "2024-09-10T15:03:16.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted