HIGH🇬🇧 English

CVE-2022-24408

CVSS 7.8v3.1pub. 2022-03-08upd. 2024-11-21

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Siemens Sinumerik Mc

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinumerik Mc Firmware

    OS
    Siemens
    1.15< 1.15
  • Siemens Sinumerik One

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinumerik One Firmware

    OS
    Siemens
    6.15< 6.15
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-27827HIGH7.5ten sam produkt

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lo...

CVE-2022-30694MEDIUM6.5ten sam produkt

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could al...

CVE-2020-8745MEDIUM6.8ten sam produkt

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.8...

CVE-2026-0300CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach