N/A

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

使用候选路径或通道进行的认证绕过

Siemens多款产品 安全漏洞

Siemens SINUMERIK 840D sl等都是德国西门子（Siemens）公司的产品。Siemens SINUMERIK 840D sl是一套高级机床数控系统。Siemens SINUMERIK是一套控制系统。Siemens Sinumerik 828D是一款基于面板的 Cnc。 Siemens多款产品存在安全漏洞，该漏洞源于VNC访问服务身份验证不当，可能导致未经授权的远程访问。以下产品及版本受到影响：SINUMERIK 828D PPU.4 V4.95 SP5之前版本、SINUMERIK 8

N/A

N/A