CVE-2024-41681 MEDIUM

CVE-2024-41681

Vendor Siemens
Product Location Intelligence family
Weakness CWE-326 · Weak encryption
Published August 13, 2024
Last update August 13, 2024

CVSS base score

6.7/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device.

Key dates

02Disclosure timeline

August 13, 2024 CVE published
August 13, 2024 Record updated