Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Aug 3, 2024

CVE-2022-24408

Description

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

Affected products

Siemens Foundation/SINUMERIK ONEcpe-rescue2 versions
All versions < V1.15 SP1+ 1 more
- (no CPE)range: All versions < V1.15 SP1
- (no CPE)range: All versions < V6.15 SP1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-337210.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000