Published: 08/03/2022 Updated: 11/03/2022

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local malicious users to escalate their privileges to root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens sinumerik_mc_firmware
siemens sinumerik_mc_firmware 1.15
siemens sinumerik_one_firmware
siemens sinumerik_one_firmware 6.15

Critical Infrastructure Sectors: Critical Manufacturing

CWE-269 https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-11

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-24408

Vulnerability Summary

Vulnerability Trend

ICS Advisories

References

Vulmon Search

About

Products

Connect