CVERadar

CVE-2024-37998

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00155/1

CVE-2024-37998 allows password resets without the current password for administrative accounts in CPCI85 Central Processing/Communication and SICORE Base system when auto login is enabled. This vulnerability allows unauthorized attackers to gain administrative access. The CPCI85 Central Processing/Communication (All versions < V5.40) and SICORE Base system (All versions < V1.4.0) are affected. While the CVSS score is 0, indicating a low base score, the SOCRadar Vulnerability Risk Score (SVRS) is 30. This suggests a moderate level of risk due to potential exploitation in real-world scenarios, especially given that the vulnerability is tagged as "In The Wild." Immediate patching is not critical unless auto login is enabled, but monitoring for unusual activity is advised to prevent unauthorized access and potential system compromise. Organizations using these systems should verify their configuration and update to the latest versions to mitigate this risk.

In The Wild
2024-07-22

2024-07-24

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment - SecurityWeek
2024-07-24
Siemens this week published an out-of-band security advisory to announce the availability of patches for a couple of potentially serious vulnerabilities affecting some of its Sicam power grid products. The industrial giant informed customers that its Sicam A8000 product, which is a remote terminal unit (RTU) designed for telecontrol and automation in the energy supply sector, as well as the Sicam Enhanced Grid Sensor (EGS), and the Sicam 8 software are impacted. One of the vulnerabilities, tracked as CVE-2024-37998 and classified as ‘critical severity

Siemens SICAM Products
CISA, 2024-07-25
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

CVE-2024-37998 | Siemens CPCI85 Central Processing unverified password change (ssa-071402)
vuldb.com, 2024-07-22
A vulnerability was found in Siemens CPCI85 Central Processing, Communication and SICORE Base system. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to unverified password change. This vulnerability is handled as CVE-2024-37998. The attack may be launched remotely. There is no exploit available. It is recommended to

Social Media

Siemens published a security advisory to address two vulnerabilities in their SICAM products. One of the flaws (CVE-2024-37998) is a critical unverified password change issue that could be exploited to gain administrative access to vulnerable applications.

CVE-2024-37998 (CVSS:9.8, CRITICAL) is Awaiting Analysis. A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base syste..https://t.co/VAEU8GZZfc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

CVE-2024-37998 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of adm… https://t.co/kiVysIFMXL

[CVE-2024-37998: CRITICAL] Vulnerability found in CPCI85 & SICORE Base systems allowing admin password reset without prior knowledge. Risk of unauthorized access. #CyberSecurity#cybersecurity,#vulnerability https://t.co/RLXdt7qGzc https://t.co/pZ1BmW4NPX

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://cert-portal.siemens.com/productcert/html/ssa-071402.html

CWE Details

CWE ID: CWE-620
CWE Name: Unverified Password Change
Description: When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
