Severity
Medium
Analysis Summary
CVE-2024-36266 CVSS:9.3
Siemens PowerSys could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authentication. By sending a specially crafted request, an attacker could exploit this vulnerability to gain administrative privileges for the managed remote devices.
CVE-2024-33500 CVSS:5.9
Siemens Mendix Applications could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an attacker could exploit this vulnerability to guess the id of a target role which contains the elevated access rights.
CVE-2023-38533 CVSS:3.3
Siemens TIA Administrator is vulnerable to a denial of service, caused by creating temporary download files in a directory with insecure permissions. By sending a specially crafted request, a local attacker could exploit this vulnerability to disrupt the update process.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-36266
- CVE-2024-33500
- CVE-2023-38533
Affected Vendors
Affected Products
- Siemens Mendix Applications using Mendix 9
- Siemens Mendix Applications using Mendix 10
- Siemens PowerSys
- Siemens Mendix Applications using Mendix 10 (V10.6)
- Siemens TIA Administrator
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.