PatchSiren cyber security CVE debrief
CVE-2024-41171 Siemens CVE debrief
CVE-2024-41171 is a high-severity local privilege escalation vulnerability in Siemens SINUMERIK CNC systems, published 2024-09-10. Affected devices fail to properly enforce access restrictions on scripts executed with elevated privileges, allowing an authenticated local attacker to escalate privileges on the underlying system. The vulnerability affects four product variants: SINUMERIK 828D V4, SINUMERIK 828D V5, SINUMERIK 840D sl V4, and SINUMERIK ONE. Siemens has provided vendor fixes for SINUMERIK 828D V5 (update to V5.24 or later) and SINUMERIK ONE (update to V6.24 or later). No fix is currently planned for SINUMERIK 828D V4 and SINUMERIK 840D sl V4. Organizations should apply available updates immediately, restrict local access to affected systems, and implement defense-in-depth strategies for unpatched systems.
- Vendor
- Siemens
- Product
- SINUMERIK 828D V4
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-09-10
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-09-10
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens SINUMERIK CNC systems in manufacturing, aerospace, automotive, and other industrial sectors. System administrators, OT security teams, and plant engineers responsible for maintaining secure configurations of computer numerical control equipment.
Technical summary
The vulnerability exists due to improper access control enforcement on system scripts that execute with elevated privileges. An authenticated attacker with local access can exploit this weakness to escalate their privileges on the underlying operating system. The attack requires low complexity, low privileges, and no user interaction, with potential for high impact on confidentiality, integrity, and availability. The scope change indicator (S:C) in the CVSS vector suggests the vulnerable component impacts resources beyond its security scope.
Defensive priority
high
Recommended defensive actions
- Apply vendor-provided updates immediately for supported product variants: update SINUMERIK 828D V5 to V5.24 or later, and SINUMERIK ONE to V6.24 or later
- For SINUMERIK 828D V4 and SINUMERIK 840D sl V4 where no fix is planned, restrict physical and logical access to authorized personnel only
- Implement strict local access controls and authentication mechanisms on affected CNC systems
- Monitor for anomalous script execution or privilege escalation attempts on affected devices
- Apply defense-in-depth strategies including network segmentation to isolate affected industrial control systems from untrusted networks
- Review and enforce principle of least privilege for all user accounts on affected systems
Evidence notes
Vulnerability description and remediation guidance sourced from CISA CSAF advisory ICSA-24-256-02, with vendor fix details and affected product list from Siemens security advisory SSA-342438. CVSS 8.8 (HIGH) reflects local attack vector with low complexity, low privileges required, no user interaction, and high impact across confidentiality, integrity, and availability with scope change.
Official resources
-
CVE-2024-41171 CVE record
CVE.org
-
CVE-2024-41171 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-09-10