CVE-2024-32741

Name of the Vulnerable Software and Affected Versions SIMATIC CN 4100 versions prior to V3.0

Description A vulnerability has been identified in the SIMATIC CN 4100 device, where it contains a hard-coded password used for the privileged system user root and for the boot loader GRUB by default. This issue is related to the use of pre-installed credentials. If an attacker manages to crack the password hash, they can gain root access to the device, allowing for unauthorized access with root privileges.

Recommendations For versions prior to V3.0, consider changing the default password for the root user and the GRUB boot loader to a strong, unique password to prevent unauthorized access. As a temporary workaround, restrict access to the device to minimize the risk of exploitation.