← back
CVE-2022-24408

CVE-2022-24408

EPSS 0.2%CWE-269
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.
Affected products
Siemens · SINUMERIK MCSiemens · SINUMERIK ONE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf