CVE-2022-24408

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

Published: Mar 8, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-24408
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
siemens / sinumerik_mc_firmware	-	1.15
siemens / sinumerik_mc_firmware	1.15	1.15.x
siemens / sinumerik_one_firmware	-	6.15
siemens / sinumerik_one_firmware	6.15	6.15.x

https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf

Vulnerability Database

289,697

CVE-2022-24408