CVE-2022-24408
N/A
N/A
Summary
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SINUMERIK MC | All versions < V1.15 SP1 | affected |
| Siemens | SINUMERIK ONE | All versions < V6.15 SP1 | affected |
Weaknesses
- CWE-269: CWE-269: Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.