PT-2022-16677 · Siemens · Sinumerik One, Sinumerik Mc

Published: 2022-03-08 · Updated: 2022-03-11 · CVE-2022-24408

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SINUMERIK MC versions prior to V1.15 SP1
SINUMERIK ONE versions prior to V6.15 SP1

Description

A vulnerability has been identified that could allow local attackers to escalate their privileges to root. The sc SUID binary on affected devices provides several commands that can be used to execute system commands or modify system files. A specific set of operations using sc could be exploited for this purpose.

Recommendations

For SINUMERIK MC versions prior to V1.15 SP1, update to V1.15 SP1 or later to resolve the issue.
For SINUMERIK ONE versions prior to V6.15 SP1, update to V6.15 SP1 or later to resolve the issue.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2022-24408

Affected Products

Sinumerik Mc
Sinumerik One