CRITICAL🇵🇱 Wersja polska

CVE-2024-32740

CVSS 9.8v3.1pub. 2024-05-14upd. 2025-08-20

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

🤖 AI Analysis
How it works

The device contains hidden user accounts whose existence is not documented by the manufacturer (CWE-798 — use of hardcoded credentials). An attacker with knowledge of these credentials can use them to authenticate to the system — both locally and over the network. Because the credentials are static and embedded in the firmware, they cannot be changed in the standard way.

Impact

An attacker can gain unauthorized access to the device, resulting in complete breach of its confidentiality, integrity, and availability. Full takeover of the device is possible, both remotely over the network and locally.

Mitigation & patch

The Siemens SIMATIC CN 4100 device firmware should be updated to version V3.0 or later. Detailed instructions are available in the manufacturer's bulletin: https://cert-portal.siemens.com/productcert/html/ssa-273900.html

Who is affected

Siemens SIMATIC CN 4100 — all firmware versions below V3.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siemens Simatic Cn 4100

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Cn 4100 Firmware

    OS
    Siemens
    < 3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-40938CRITICAL9.2PL ✓ten sam produkt

Siemens SIMATIC CN 4100 — zakodowane dane uwierzytelniające w firmware

CVE-2024-32741CRITICAL10.0PL ✓ten sam produkt

Zakodowane na stałe hasło root w Siemens SIMATIC CN 4100

CVE-2023-49621CRITICAL9.8PL ✓ten sam produkt

Siemens SIMATIC CN 4100 – domyślne dane uwierzytelniające z uprawnieniami administratora

CVE-2023-29130CRITICAL9.9ten sam produkt

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of impr...

CVE-2026-22924HIGH8.8ten sam produkt

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does no...