ID

VAR-202406-0183


CVE

CVE-2024-36266


TITLE

Authentication vulnerability in Siemens' PowerSys

Trust: 0.8

sources: JVNDB: JVNDB-2024-028519

DESCRIPTION

A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. Siemens' PowerSys contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). PowerSys is a service program used for debugging, maintenance and diagnosis of PowerLink 50/100 or SWT 3000 devices.

Trust: 2.16

sources: NVD: CVE-2024-36266 // JVNDB: JVNDB-2024-028519 // CNVD: CNVD-2024-26702

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-26702

AFFECTED PRODUCTS

vendor: siemens, model: powersys, scope: lt, version: 3.11

Trust: 1.6

vendor: シーメンス, model: powersys, scope: eq, version: 3.11

Trust: 0.8

vendor: シーメンス, model: powersys, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: powersys, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2024-26702 // JVNDB: JVNDB-2024-028519 // NVD: CVE-2024-36266

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-36266
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-36266
value: HIGH

Trust: 1.0

NVD: CVE-2024-36266
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-26702
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-26702
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-36266
baseSeverity: CRITICAL
baseScore: 9.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-36266
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-36266
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-26702 // JVNDB: JVNDB-2024-028519 // NVD: CVE-2024-36266 // NVD: CVE-2024-36266

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028519 // NVD: CVE-2024-36266

PATCH

title: Patch for Siemens PowerSys Authentication Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/555071

Trust: 0.6

sources: CNVD: CNVD-2024-26702

EXTERNAL IDS

db: NVD, id: CVE-2024-36266

Trust: 3.2

db: SIEMENS, id: SSA-024584

Trust: 2.4

db: JVN, id: JVNVU96920775

Trust: 0.8

db: JVN, id: JVNVU93250330

Trust: 0.8

db: JVN, id: JVNVU99752892

Trust: 0.8

db: ICS CERT, id: ICSA-24-165-07

Trust: 0.8

db: JVNDB, id: JVNDB-2024-028519

Trust: 0.8

db: CNVD, id: CNVD-2024-26702

Trust: 0.6

sources: CNVD: CNVD-2024-26702 // JVNDB: JVNDB-2024-028519 // NVD: CVE-2024-36266

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-024584.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu99752892/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96920775/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93250330/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-36266

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-07

Trust: 0.8

sources: CNVD: CNVD-2024-26702 // JVNDB: JVNDB-2024-028519 // NVD: CVE-2024-36266

SOURCES

db: CNVD, id: CNVD-2024-26702
db: JVNDB, id: JVNDB-2024-028519
db: NVD, id: CVE-2024-36266

LAST UPDATE DATE

2025-10-10T20:27:52.283000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-26702, date: 2024-06-12T00:00:00
db: JVNDB, id: JVNDB-2024-028519, date: 2025-10-07T05:59:00
db: NVD, id: CVE-2024-36266, date: 2025-09-26T23:52:05.310

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-26702, date: 2024-06-11T00:00:00
db: JVNDB, id: JVNDB-2024-028519, date: 2025-10-07T00:00:00
db: NVD, id: CVE-2024-36266, date: 2024-06-11T12:15:18.657