漏洞标题
N/A
漏洞描述信息
在SINAMICS S200(所有序列号以SZVS8、SZVS9、SZVS0或SZVSN开头且FS编号为02的版本)中发现了一个漏洞。受影响的设备包含一个未锁定的引导加载程序。这一安全疏漏使得攻击者能够注入恶意代码或安装不受信任的固件。当引导加载程序未被保护时,旨在防止数据篡改和未经授权访问的内在安全特性将受到破坏。
CVSS信息
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
关键资源的不正确权限授予
漏洞标题
N/A
漏洞描述信息
A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
认证机制不恰当