CVE-2024-47562

Critical | 9.3 | No Exploit

Plain English Summary

This vulnerability allows an attacker with low-level access to the SINEC Security Monitor to run high-level commands on the operating system, potentially taking control of the system. The attacker must be authenticated, meaning they need some level of access to the system to exploit this flaw.

Technical Description

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.

CVSS Vector Analysis

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Scope: Changed

Vector String

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Official References

Est. Bounty: $8,000 ($5K-$15K)
Vendor Response: Grade F, patched in 518 days

Quick Information

Published: Oct 8, 2024

Last Modified: Mar 10, 2026

Vendor: siemens

Product: sinec security monitor

Related Vulnerabilities

CVE-2025-40594 (Medium)

An attacker can gain unauthorized access to sensitive settings on certain Siemens SINAMICS devices by performing a factory reset without proper permissions, potentially allowing them to manipulate configuration data. This vulnerability affects specific firmware versions and can be exploited if the attacker has previously accessed the device, as it involves leftover privileges from earlier sessions.

CVE-2024-47565 (Medium)

An attacker with valid login credentials can exploit a flaw in the SINEC Security Monitor to alter its configuration settings, potentially leading to unauthorized changes in the system's security. This vulnerability affects all versions prior to 4.9.0 and arises from the application not properly checking user input against a list of acceptable values.

CVE-2024-47563 (Medium)

An attacker can create files in unintended locations on the system, potentially altering or corrupting important files, if they can access the SINEC Security Monitor application version before 4.9.0. This vulnerability does not require authentication, meaning anyone can exploit it if they know how to send the right request to the application.

CVE-2024-47553 (Critical)

This vulnerability allows a low-level authenticated attacker to run any code they want with full control over the operating system, potentially compromising the entire system. It affects all versions of the SINEC Security Monitor before version 4.9.0, and the attacker must already have some form of access to the system.