Publication Date: | 2022-06-14 |
Last Update: | 2022-06-14 |
Current Version: | V1.0 |
CVSS v3.1 Base Score: | 7.8 |
Affected Product and Versions | Remediation |
---|---|
SCALANCE LPE9403 (6GK5998-3GS00-2AC2): All versions < V2.0 | Update to V2.0 or later version: https://support.industry.siemens.com/cs/ww/en/view/109811123/ See further recommendations from section Workarounds and Mitigations |
SINUMERIK Edge: All versions < V3.3.0 | Update to V3.3.0 or later version. Use the internal update mechanism of the device(s). See Documentation for further information. See further recommendations from section Workarounds and Mitigations |
A temporary mitigation exists at the expense of pkexec's capabilities. With the SUID permission removed, the program cannot run processes as root. However, any processes that rely on it for normal operation will be affected.
- The SUID permission can be removed with chmod, as follows: `chmod 0755 /usr/bin/pkexec`
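
A way to confirm whether the mitigation above is in place before and after applying it. This is an added example, not part of the Siemens advisory; the function names `check_suid` and `apply_mitigation` are hypothetical, and the path defaults to the `/usr/bin/pkexec` location given above.

```shell
#!/bin/sh
# Added example: verify and apply the pkexec SUID mitigation.
# Function names are illustrative; only chmod 0755 comes from the advisory.

# check_suid PATH
# Prints one of: "missing" (no such file), "suid" (setuid bit set,
# mitigation NOT applied), "no-suid" (mitigation applied).
check_suid() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "missing"
    elif [ -u "$target" ]; then      # -u is true when the setuid bit is set
        echo "suid"
    else
        echo "no-suid"
    fi
}

# apply_mitigation PATH
# Runs the advisory's chmod only when the setuid bit is present, then
# prints the resulting state so the caller can confirm the change.
apply_mitigation() {
    target=$1
    if [ "$(check_suid "$target")" != "suid" ]; then
        check_suid "$target"         # nothing to change; report state
        return 0
    fi
    chmod 0755 "$target" || return 1 # needs root for the real binary
    check_suid "$target"
}

# Report the current state of the binary (read-only; changes nothing).
PKEXEC_PATH=${1:-/usr/bin/pkexec}
echo "$PKEXEC_PATH: $(check_suid "$PKEXEC_PATH")"
```

Run the check again after any package update on the device, since reinstalling the package that ships pkexec can restore the file's packaged mode.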
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C |
CWE: | CWE-787: Out-of-bounds Write |