CVE-2026-22924 | THREATINT

Description

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.

PUBLISHED Reserved 2026-01-13 | Published 2026-05-12 | Updated 2026-05-13 | Assigner siemens

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unknown

Any version before V5.0

affected

References

cert-portal.siemens.com/productcert/html/ssa-032379.html

cve.org (CVE-2026-22924)

nvd.nist.gov (CVE-2026-22924)

Download JSON