A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.
The device contains hidden user accounts whose existence is not documented by the manufacturer (CWE-798 — use of hardcoded credentials). An attacker with knowledge of these credentials can use them to authenticate to the system — both locally and over the network. Because the credentials are static and embedded in the firmware, they cannot be changed in the standard way.
An attacker can gain unauthorized access to the device, resulting in complete breach of its confidentiality, integrity, and availability. Full takeover of the device is possible, both remotely over the network and locally.
The Siemens SIMATIC CN 4100 device firmware should be updated to version V3.0 or later. Detailed instructions are available in the manufacturer's bulletin: https://cert-portal.siemens.com/productcert/html/ssa-273900.html
Siemens SIMATIC CN 4100 — all firmware versions below V3.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSiemens Simatic Cn 4100
HWSiemenswszystkie wersjeSiemens Simatic Cn 4100 Firmware
OSSiemens< 3.0
Related vulnerabilities
Siemens SIMATIC CN 4100 — zakodowane dane uwierzytelniające w firmware
Zakodowane na stałe hasło root w Siemens SIMATIC CN 4100
Siemens SIMATIC CN 4100 – domyślne dane uwierzytelniające z uprawnieniami administratora
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of impr...
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does no...