PT-2024-7879 · Siemens · Sinumerik One +3

Published 2024-09-10 · Updated 2024-09-10 · CVE-2024-43781

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SINUMERIK 828D V4 versions prior to V4.95 SP3
SINUMERIK 840D sl V4 versions prior to V4.95 SP3
SINUMERIK ONE versions prior to V6.23
SINUMERIK ONE versions prior to V6.15 SP4

Description

A vulnerability has been identified that allows the insertion of sensitive information into log files. This could enable a local authenticated user with low privileges to read sensitive information, thus circumventing access restrictions. The vulnerability is related to the use of Create MyConfig (CMC) and can allow an attacker to bypass security restrictions and gain unauthorized access to protected information.

Recommendations

For SINUMERIK 828D V4 versions prior to V4.95 SP3, update to version V4.95 SP3 or later.

For SINUMERIK 840D sl V4 versions prior to V4.95 SP3, update to version V4.95 SP3 or later, and ensure Create MyConfig (CMC) is updated to a version later than V4.8 SP1 HF6.

For SINUMERIK ONE versions prior to V6.23, update to version V6.23 or later, and ensure Create MyConfig (CMC) is updated to a version later than V6.6.

For SINUMERIK ONE versions prior to V6.15 SP4, update to version V6.15 SP4 or later, and ensure Create MyConfig (CMC) is updated to a version later than V6.6.

As a temporary workaround, consider restricting access to log files and sensitive information to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2024-09382
CVE-2024-43781

Affected Products

Create Myconfig
Sinumerik 828D V4
Sinumerik 840D Sl V4
Sinumerik One