July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
SideWinder APT Group aka Rattlesnake – Active IOCs
July 26, 2024Multiple Adobe Products Vulnerabilities
July 26, 2024SideWinder APT Group aka Rattlesnake – Active IOCs
July 26, 2024Multiple Adobe Products Vulnerabilities
July 26, 2024
Severity
High
Analysis Summary
CVE-2024-37998 CVSS:9.8
Siemens SICAM Products could allow a remote attacker to bypass security restrictions, caused by an unverified password change flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to gain administrative access to the system.
CVE-2024-39601 CVSS:6.5
Siemens SICAM Products could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to to downgrade the firmware on the device.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-37998
- CVE-2024-39601
Affected Vendors
Siemens
Affected Products
- Siemens CPCI85 Central Processing/Communication
- Siemens SICORE Base system
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.