Lucene search

SiemensCVELIST:CVE-2024-41681

HistoryAug 13, 2024 - 7:54 a.m.

CVE-2024-41681

2024-08-1307:54:18

CWE-326

siemens

www.cve.org

cve-2024-41681

weak ciphers

unauthenticated attacker

data modification

CVSS3

6.7

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C

CVSS4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.001

Percentile

17.7%

JSON

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Location Intelligence family",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V4.4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-720392.html

CVSS3

6.7

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C

CVSS4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0.001

Percentile

17.7%

JSON

Related for CVELIST:CVE-2024-41681