Siemens Vulnerabilities

An attacker can gain unauthorized access to sensitive settings on certain Siemens SINAMICS devices by performing a factory reset without proper permissions, potentially allowing them to manipulate configuration data. This vulnerability affects specific firmware versions and can be exploited if the attacker has previously accessed the device, as it involves leftover privileges from earlier sessions.

An attacker with valid login credentials can exploit a flaw in the SINEC Security Monitor to alter its configuration settings, potentially leading to unauthorized changes in the system's security. This vulnerability affects all versions prior to 4.9.0 and arises from the application not properly checking user input against a list of acceptable values.

An attacker can create files in unintended locations on the system, potentially altering or corrupting important files, if they can access the SINEC Security Monitor application version before 4.9.0. This vulnerability does not require authentication, meaning anyone can exploit it if they know how to send the right request to the application.

This vulnerability allows an attacker with low-level access to the SINEC Security Monitor to run high-level commands on the operating system, potentially taking control of the system. The attacker must be authenticated, meaning they need some level of access to the system to exploit this flaw.

This vulnerability allows a low-level authenticated attacker to run any code they want with full control over the operating system, potentially compromising the entire system. It affects all versions of the SINEC Security Monitor before version 4.9.0, and the attacker must already have some form of access to the system.