PT-2024-7813 · Siemens · Sinumerik One+3

Published

2024-09-10

·

Updated

2024-09-14

·

CVE-2024-41171

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SINUMERIK 828D V4 (All versions)
SINUMERIK 828D V5 (All versions < V5.24)
SINUMERIK 840D sl V4 (All versions)
SINUMERIK ONE (All versions < V6.24)

Description

A vulnerability has been identified in the affected devices, which do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system. The vulnerability is related to the incorrect assignment of permissions for scripts executed by the system.

Recommendations

For SINUMERIK 828D V4, consider disabling the execution of scripts with elevated privileges until a patch is available. For SINUMERIK 828D V5, update to version V5.24 or later to resolve the issue. For SINUMERIK 840D sl V4, restrict access to scripts that are regularly executed by the system with elevated privileges. For SINUMERIK ONE, update to version V6.24 or later to resolve the issue. As a temporary workaround, consider restricting the execution of scripts with elevated privileges to minimize the risk of exploitation.
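A defender-side permission audit for the weakness class described above (scripts the system runs with elevated privileges that a lower-privileged local user could modify or replace). This is an added example, not Siemens code or part of the advisory; the files it checks are constructed samples, and the expectation that privileged scripts and their directories are root-owned is an assumption.

```python
"""Audit scripts run with elevated privileges for permission bits that let a
non-root local user modify or replace them (incorrect permission assignment).
Added example for this advisory page, not vendor code; paths are constructed."""
import os
import stat
import tempfile


def classify(mode, uid, parent_mode, parent_uid):
    """Return the list of problems for one privileged script, given its
    permission bits/owner and those of the directory that contains it.
    Assumption: root (uid 0) is the expected owner of both."""
    problems = []
    if uid != 0:
        problems.append("script not owned by root")
    if mode & stat.S_IWGRP:
        problems.append("script is group-writable")
    if mode & stat.S_IWOTH:
        problems.append("script is world-writable")
    # A read-only script is still replaceable if its directory is writable by
    # others and not sticky: the file can be renamed/unlinked and recreated.
    if parent_uid != 0:
        problems.append("parent directory not owned by root")
    if parent_mode & (stat.S_IWGRP | stat.S_IWOTH) and not parent_mode & stat.S_ISVTX:
        problems.append("parent directory writable by non-owner")
    return problems


def audit_path(path):
    """Stat a script and its parent directory and classify them."""
    st = os.stat(path)
    pst = os.stat(os.path.dirname(os.path.abspath(path)))
    return classify(stat.S_IMODE(st.st_mode), st.st_uid,
                    stat.S_IMODE(pst.st_mode), pst.st_uid)


def audit(paths):
    """Map each script path to its list of findings (empty list = clean)."""
    return {p: audit_path(p) for p in paths}


if __name__ == "__main__":
    # Constructed sample: one 0755 script and one world-writable script in a
    # temp dir. Run as a normal user, both also flag the non-root ownership.
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good.sh"), os.path.join(d, "bad.sh")
        for p, m in ((good, 0o755), (bad, 0o777)):
            with open(p, "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(p, m)
        for p, probs in audit([good, bad]).items():
            print(p, "OK" if not probs else "; ".join(probs))
```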

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-09313
CVE-2024-41171

Affected Products

Sinumerik 828D V4
Sinumerik 828D V5
Sinumerik 840D Sl V4
Sinumerik One