CVE-2024-56336 CRITICAL

CVE-2024-56336

Vendor Siemens
Product SINAMICS S200
Weakness CWE-287 · Improper authentication
Published March 11, 2025
Last update March 11, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.

Key dates

02Disclosure timeline

March 11, 2025 CVE published
March 11, 2025 Record updated