CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-32741

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00198/1

CVE-2024-32741: Hardcoded credentials in SIMATIC CN 4100 devices allow unauthorized root access. This vulnerability exposes devices to complete compromise if attackers crack the password hash. The affected devices utilize hardcoded passwords for the privileged system user root and the boot loader GRUB. Although the CVSS score is 0, indicating a less immediately exploitable issue, the presence of hardcoded credentials is a significant security risk. An attacker exploiting this flaw could gain full control of the device, potentially leading to data breaches, system manipulation, or denial of service. While the current SOCRadar Vulnerability Risk Score (SVRS) is 30, the fact that this vulnerability relates to hardcoded credentials and provides root access means it requires monitoring. Organizations using SIMATIC CN 4100 should immediately update to V3.0 or later and take steps to mitigate the risk by changing the default passwords. This vulnerability falls under CWE-259, indicating the use of hard-coded passwords.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-05-14
LAST MODIFIED2024-05-14

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Vulnerability Summary for the Week of May 13, 2024
CISA2024-05-20
Vulnerability Summary for the Week of May 13, 2024 | High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source &amp; Patch Info <
cisa.gov
rss
forum
news
Siemens SIMATIC CN 4100 Before V3.0
CISA2024-05-16
Siemens SIMATIC CN 4100 Before V3.0 | As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).&nbsp;View CSAF<
cve-2024-32741
cve-2024-32740
cve-2024-32742
domains
CVE-2024-32741 | Siemens SIMATIC CN 4100 up to 2.x GRUB hard-coded password (ssa-273900)
vuldb.com2024-05-14
CVE-2024-32741 | Siemens SIMATIC CN 4100 up to 2.x GRUB hard-coded password (ssa-273900) | A vulnerability was found in Siemens SIMATIC CN 4100 up to 2.x. It has been rated as critical. This issue affects some unknown processing of the component GRUB. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2024-32741
cve-2024-32741
domains
urls
cves

Social Media

The Siemens SIMATIC CN 4100 has been discovered to possess a severe vulnerability, known as CVE-2024-32741, with a CVSS rating of 10. This security flaw has been uncovered and presents a substantial threat to the system. Details: https://t.co/8V1v5lcVrR
0
0
0
CVE-2024-32741 (CVSS 10): Siemens SIMATIC CN 4100 Critical Vulnerability Exposed https://t.co/xRQQCjTi3Y
0
0
4
CVE-2024-32741 A vulnerability has been identified in SIMATIC CN 4100 (All versions &lt; V3.0). The affected device contains hard coded password which is used for the privileged system… https://t.co/oYvH8LNFes
0
0
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://cert-portal.siemens.com/productcert/html/ssa-273900.html

CWE Details

CWE IDCWE NameDescription
CWE-259Use of Hard-coded PasswordThe software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence