CRITICAL🇵🇱 Wersja polska

CVE-2024-32741

CVSS 10.0v3.1pub. 2024-05-14upd. 2025-08-26

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.

🤖 AI Analysis
How it works

In the firmware of the SIMATIC CN 4100 device, the manufacturer defined a fixed, unchangeable password used by default for the `root` account and the `GRUB` bootloader. An attacker who gains access to the hash of this password — for example, through the network or physical access to the device — can attempt to crack it using offline methods. After successfully breaking the hash, they gain full root access to the device, covering both the operating system and the boot process.

Impact

An attacker gains full root access to the device, enabling them to take complete control of the system, modify configuration, install malicious software, and potentially compromise the integrity, confidentiality, and availability of the device.

Mitigation & patch

The firmware of the Siemens SIMATIC CN 4100 device must be updated to version V3.0 or later. Detailed instructions are available in the Siemens security bulletin SSA-273900 at: https://cert-portal.siemens.com/productcert/html/ssa-273900.html

Who is affected

Siemens SIMATIC CN 4100 — all firmware versions below V3.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Siemens Simatic Cn 4100

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Cn 4100 Firmware

    OS
    Siemens
    < 3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-40938CRITICAL9.2PL ✓ten sam produkt

Siemens SIMATIC CN 4100 — zakodowane dane uwierzytelniające w firmware

CVE-2024-32740CRITICAL9.8PL ✓ten sam produkt

Ukryte dane uwierzytelniające w Siemens SIMATIC CN 4100 (hardcoded credentials)

CVE-2023-49621CRITICAL9.8PL ✓ten sam produkt

Siemens SIMATIC CN 4100 – domyślne dane uwierzytelniające z uprawnieniami administratora

CVE-2023-29130CRITICAL9.9ten sam produkt

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of impr...

CVE-2026-22924HIGH8.8ten sam produkt

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does no...