SIEMENS-SSA-097786  ·  Published 2024-09-10

SSA-097786 V1.0: Insertion of Sensitive Information into Log File Vulnerability in SINUMERIK systems

CVSS N/A MEDIUM

Risk Summary

SINUMERIK systems that have been provisioned with Create MyConfig (CMC) are affected by an Insertion of Sensitive Information into Log File vulnerability. When a CMC package is used on an NCU or on an IPC, the password used in the CMC package or typed in manually during package execution is traced on the machine to the file uptrace.out. This could allow a local authenticated user with low privileges to read that password and use it to impersonate a user with higher privileges.

Siemens has released new versions for the affected products and recommends updating to the latest versions.

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-097786 V1.0: Insertion of Sensitive Information into Log File Vulnerability in SINUMERIK systems
