Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

simatic_cn_4100_firmware

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2024-32742
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.6||HIGH
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-20 Aug, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100simatic_cn_4100
CWE ID-CWE-1326
Missing Immutable Root of Trust in Hardware
CVE-2024-32741
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-0.55% / 66.78%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-26 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100simatic_cn_4100_firmwareSIMATIC CN 4100simatic_cn_4100
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2024-32740
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.42%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-20 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100simatic_cn_4100
CWE ID-CWE-798
Use of Hard-coded Credentials