Vulnerability Details CVE-2022-24408
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2022-24408
- cpe:2.3:h:siemens:sinumerik_mc:-
- cpe:2.3:h:siemens:sinumerik_one:-
- cpe:2.3:o:siemens:sinumerik_mc_firmware:*
- cpe:2.3:o:siemens:sinumerik_mc_firmware:1.15
- cpe:2.3:o:siemens:sinumerik_one_firmware:-
- cpe:2.3:o:siemens:sinumerik_one_firmware:6.15