Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-49251

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up.

Published

2024-01-09T10:15:19.910

Last Modified

2025-12-16T19:32:51.833

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	simatic_cn_4100_firmware	< 2.7	Yes
Hardware	siemens	simatic_cn_4100	-	No

References

https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)