A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.
In the firmware of the SIMATIC CN 4100 device, the manufacturer defined a fixed, unchangeable password used by default for the `root` account and the `GRUB` bootloader. An attacker who gains access to the hash of this password — for example, through the network or physical access to the device — can attempt to crack it using offline methods. After successfully breaking the hash, they gain full root access to the device, covering both the operating system and the boot process.
An attacker gains full root access to the device, enabling them to take complete control of the system, modify configuration, install malicious software, and potentially compromise the integrity, confidentiality, and availability of the device.
The firmware of the Siemens SIMATIC CN 4100 device must be updated to version V3.0 or later. Detailed instructions are available in the Siemens security bulletin SSA-273900 at: https://cert-portal.siemens.com/productcert/html/ssa-273900.html
Siemens SIMATIC CN 4100 — all firmware versions below V3.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HSiemens Simatic Cn 4100
HWSiemenswszystkie wersjeSiemens Simatic Cn 4100 Firmware
OSSiemens< 3.0
Related vulnerabilities
Siemens SIMATIC CN 4100 — zakodowane dane uwierzytelniające w firmware
Ukryte dane uwierzytelniające w Siemens SIMATIC CN 4100 (hardcoded credentials)
Siemens SIMATIC CN 4100 – domyślne dane uwierzytelniające z uprawnieniami administratora
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of impr...
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does no...