CVE-2024-47562

Name of the Vulnerable Software and Affected Versions: Siemens SINEC Security Monitor versions prior to V4.9.0

Description: A vulnerability has been identified in the Siemens SINEC Security Monitor application, where it does not properly neutralize special elements in user input to the ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. The issue is related to the application's failure to properly clean data at the management level, which could be exploited by a remote attacker to execute arbitrary commands.

Recommendations: For versions prior to V4.9.0, update to version V4.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ssmctl-client command until a patch is available. Additionally, limiting the privileges of local attackers can help minimize the risk of exploitation.