CVE-2024-35295
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-06-12
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Perfect Harmony GH180 devices (versions >= V8.0 and < V8.3.3 with NXGPro+ controller manufactured between April 2020 and April 2025). The maintenance connection on these devices does not properly protect access to the device's control unit configuration. As a result, an attacker with physical access to the maintenance connection's door port could make arbitrary configuration changes to the device.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with physical access to the maintenance connection port to change the device's configuration arbitrarily. This could lead to unauthorized control or disruption of the device's operation, potentially impacting system reliability, safety, or functionality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, restrict physical access to the maintenance connection's door port on affected Perfect Harmony GH180 devices. Ensure that only authorized personnel can access the device's control unit configuration through the maintenance connection. Consider implementing physical security controls such as locks or secure enclosures to prevent unauthorized physical access.