CRITICAL🇵🇱 Wersja polska

CVE-2023-49621

CVSS 9.8v3.1pub. 2024-01-09upd. 2025-12-16

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.

🤖 AI Analysis
How it works

During the so-called 'intermediate installation' state, the SIMATIC CN 4100 device software uses predefined, default login credentials assigned to an account with administrator privileges. The vulnerability is classified as CWE-1392 (use of default credentials), meaning these credentials are known or easy to guess. An attacker can remotely log in to the device using these default credentials without requiring any privileges or user interaction.

Impact

An attacker gains full control of the device with administrator privileges, enabling them to read, modify, or destroy configuration data and potentially disrupt the operation of industrial systems to which the device is connected.

Mitigation & patch

The SIMATIC CN 4100 device firmware must be updated to version V2.7 or later. Detailed information and patches are available in the Siemens security bulletin at: https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf

Who is affected

Siemens SIMATIC CN 4100 – all firmware versions below V2.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siemens Simatic Cn 4100

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Cn 4100 Firmware

    OS
    Siemens
    < 2.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-40938CRITICAL9.2PL ✓ten sam produkt

Siemens SIMATIC CN 4100 — zakodowane dane uwierzytelniające w firmware

CVE-2024-32740CRITICAL9.8PL ✓ten sam produkt

Ukryte dane uwierzytelniające w Siemens SIMATIC CN 4100 (hardcoded credentials)

CVE-2024-32741CRITICAL10.0PL ✓ten sam produkt

Zakodowane na stałe hasło root w Siemens SIMATIC CN 4100

CVE-2023-29130CRITICAL9.9ten sam produkt

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of impr...

CVE-2026-22924HIGH8.8ten sam produkt

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does no...