Privilege escalation in Siemens Sinumerik Mc

CVE-2022-24408

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify s…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.

Affected products

Siemens Sinumerik Mc — versions All versions < V1.15 SP1
Siemens Sinumerik One — versions All versions < V6.15 SP1

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf (x_refsource_MISC)