CVE-2023-49252

2024-01-0910:15:20

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-49252

simatic cn 4100

vulnerability

unauthorized access

ip configuration

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition.

Affected configurations

NVD

Node

siemenssimatic_cn_4100Range<2.7

CPENameOperatorVersion
siemens:simatic_cn_4100siemens simatic cn 4100lt2.7

CPE	Name	Operator	Version
siemens:simatic_cn_4100	siemens simatic cn 4100	lt	2.7

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SIMATIC CN 4100",
    "versions": [
      {
        "version": "All versions < V2.7",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]