CVE-2024-36266 — CRITICAL (9.3)

Q: How severe is CVE-2024-36266?

CVE-2024-36266 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-36266?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Powersys.

Vulnerability Description

A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Powersys	< 3.11

Related Weaknesses (CWE)

CWE-287

References

https://cert-portal.siemens.com/productcert/html/ssa-024584.htmlVendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-024584.htmlVendor Advisory

FAQ

What is CVE-2024-36266?

CVE-2024-36266 is a vulnerability with a CVSS score of 9.3 (CRITICAL). A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypa...

How severe is CVE-2024-36266?

CVE-2024-36266 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-36266?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Powersys.