CVE-2024-54092 Information
Description
A vulnerability has been identified in:
  Industrial Edge Device Kit - arm64 V1.17 (All versions)
  Industrial Edge Device Kit - arm64 V1.18 (All versions)
  Industrial Edge Device Kit - arm64 V1.19 (All versions)
  Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1)
  Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1)
  Industrial Edge Device Kit - x86-64 V1.17 (All versions)
  Industrial Edge Device Kit - x86-64 V1.18 (All versions)
  Industrial Edge Device Kit - x86-64 V1.19 (All versions)
  Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1)
  Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1)
  Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a)
  Industrial Edge Virtual Device (All versions < V1.21.1-1-a)
  SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions)
  SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0)
  SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0)
  SIMATIC IPC127E Industrial Edge Device (All versions < V3.0)
  SIMATIC IPC227E Industrial Edge Device (All versions < V3.0)
  SIMATIC IPC427E Industrial Edge Device (All versions < V3.0)
  SIMATIC IPC847E Industrial Edge Device (All versions < V3.0)

Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and that the attacker has learned the identity of a legitimate user.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://cert-portal.siemens.com/productcert/html/ssa-634640.html
https://cert-portal.siemens.com/productcert/html/ssa-819629.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH