Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Information
N/A
Vulnerability Type
保护机制失效
Vulnerability Title
多款Siemens产品安全漏洞
Vulnerability Description
Siemens SINUMERIK 808D等都是德国西门子(Siemens)公司的数控机床系统控制器。 多款Siemens产品中存在安全漏洞。本地攻击者可通过修改用户可写的配置文件利用该漏洞在系统重启后或手动启动后以提升的权限执行代码,影响系统的可用性、保密性和完整性。以下产品和版本受到影响:Siemens SINUMERIK 808D 4.7所有版本,4.8所有版本;828D 4.7 SP6 HF1之前的4.7所有版本;840D sl 4.7 SP6 HF5之前的4.7所有版本;840D sl 4.8
CVSS Information
N/A
Vulnerability Type
N/A