SIMATIC CN 4100
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32741 | Cri | 0.65 | 10.0 | 0.01 | May 14, 2024 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains… | ||
| CVE-2024-32740 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network. | ||
| CVE-2023-49621 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2024 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected… | ||
| CVE-2023-29130 | Cri | 0.64 | 9.9 | 0.00 | Jul 11, 2023 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete… | ||
| CVE-2026-22924 | Cri | 0.59 | 9.1 | 0.00 | May 12, 2026 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or… | ||
| CVE-2023-49251 | Hig | 0.57 | 8.8 | 0.01 | Jan 9, 2024 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take… | ||
| CVE-2026-22925 | Hig | 0.49 | 7.5 | 0.00 | May 12, 2026 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause… | ||
| CVE-2024-32742 | Hig | 0.49 | 7.6 | 0.00 | May 14, 2024 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write… | ||
| CVE-2023-49252 | Hig | 0.49 | 7.5 | 0.01 | Jan 9, 2024 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. | ||
| CVE-2023-29131 | Hig | 0.48 | 7.4 | 0.00 | Jul 11, 2023 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | ||
| CVE-2025-40593 | Med | 0.42 | 6.5 | 0.00 | Jul 8, 2025 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. | ||
| CVE-2025-40941 | 0.00 | — | 0.00 | Dec 9, 2025 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks. | |||
| CVE-2025-40940 | 0.00 | — | 0.00 | Dec 9, 2025 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to… | |||
| CVE-2025-40939 | 0.00 | — | 0.00 | Dec 9, 2025 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service… | |||
| CVE-2025-40938 | 0.00 | — | 0.00 | Dec 9, 2025 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity,… | |||
| CVE-2025-40937 | 0.00 | — | 0.00 | Dec 9, 2025 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute… |
- risk 0.65cvss 10.0epss 0.01
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains…
- risk 0.64cvss 9.8epss 0.01
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.
- risk 0.64cvss 9.8epss 0.01
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected…
- risk 0.64cvss 9.9epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete…
- risk 0.59cvss 9.1epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or…
- risk 0.57cvss 8.8epss 0.01
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take…
- risk 0.49cvss 7.5epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause…
- risk 0.49cvss 7.6epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write…
- risk 0.49cvss 7.5epss 0.01
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition.
- risk 0.48cvss 7.4epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.
- risk 0.42cvss 6.5epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.
- CVE-2025-40941Dec 9, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks.
- CVE-2025-40940Dec 9, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to…
- CVE-2025-40939Dec 9, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service…
- CVE-2025-40938Dec 9, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity,…
- CVE-2025-40937Dec 9, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute…