CVE-2024-32742 - Vulnerability Details - OpenCVE

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Cn 4100 Simatic Cn 4100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:simatic_cn_4100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cn_4100:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-273900.html

History

Wed, 20 Aug 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens simatic Cn 4100 Firmware
CPEs		cpe:2.3:h:siemens:simatic_cn_4100:-:::::::* cpe:2.3:o:siemens:simatic_cn_4100_firmware::::::::
Vendors & Products		Siemens simatic Cn 4100 Firmware

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-05-14T10:02:49.388Z

Updated: 2024-08-02T02:20:35.285Z

Reserved: 2024-04-17T12:35:40.942Z

Link: CVE-2024-32742

Vulnrichment

Updated: 2024-08-02T02:20:35.285Z

NVD

Status : Analyzed

Published: 2024-05-14T16:17:12.103

Modified: 2025-08-20T18:05:14.210

Link: CVE-2024-32742

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32742", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-04-17T12:35:40.942Z", "datePublished": "2024-05-14T10:02:49.388Z", "dateUpdated": "2024-08-02T02:20:35.285Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-05-15T07:24:36.881Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem."}], "affected": [{"vendor": "Siemens", "product": "SIMATIC CN 4100", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 7.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1326", "description": "CWE-1326: Missing Immutable Root of Trust in Hardware", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"}]}, "adp": [{"affected": [{"vendor": "siemens", "product": "simatic_cn_4100", "cpes": ["cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T12:43:18.352073Z", "id": "CVE-2024-32742", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T17:34:34.134Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:20:35.285Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:20:35.285Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T12:43:18.352073Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "simatic_cn_4100", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T12:43:57.818Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "SIMATIC CN 4100", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1326", "description": "CWE-1326: Missing Immutable Root of Trust in Hardware"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-05-15T07:24:36.881Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32742", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:20:35.285Z", "dateReserved": "2024-04-17T12:35:40.942Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-05-14T10:02:49.388Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cn_4100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F15A56BD-441A-4E61-A7D7-EADCCF8CC81B", "versionEndExcluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cn_4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "92619F5F-3679-4424-9455-3285FF1EF2F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V3.0). El dispositivo afectado contiene un puerto USB sin restricciones. Un atacante con acceso local al dispositivo podr\u00eda hacer un mal uso del puerto para iniciar otro sistema operativo y obtener acceso completo de lectura/escritura al sistema de archivos."}], "id": "CVE-2024-32742", "lastModified": "2025-08-20T18:05:14.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2024-05-14T16:17:12.103", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1326"}], "source": "productcert@siemens.com", "type": "Secondary"}]}