SIMATIC CN 4100 <V2.7: RCE via credential injection in intermid install
CVE-2023-49251 Published on January 9, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up.
Weakness Type
What is an Insecure Direct Object Reference / IDOR Vulnerability?
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2023-49251 has been classified to as an Insecure Direct Object Reference / IDOR vulnerability or weakness.
Products Associated with CVE-2023-49251
Want to know whenever a new CVE is published for Siemens Simatic Cn 4100? stack.watch will email you.
Affected Versions
Siemens SIMATIC CN 4100 Version All versions < V2.7 is affected by CVE-2023-49251Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.