Key Information

Vulnerability Description

Vulnerability ID: SSA-097786
Vulnerability Type: Vulnerability allowing sensitive information to be inserted into log files
Affected Product: SINUMERIK system
Affected Versions:
- SINUMERIK 828D V4: All versions < V4.95 SP3
- SINUMERIK 840D sl V4: All versions < V4.95 SP3
- SINUMERIK ONE: All versions

Vulnerability Impact

When using the Create MyConfig (CMC) package, if a password is entered manually or via the CMC package on the NCU or IPC, the password is logged in the file . This may allow a local user with low privileges to read the password and impersonate a user with higher privileges.

Solution

Update to V4.95 SP3 or later. Software updates are available from Siemens Customer Service Support or local partners. Refer to the "Workarounds and Mitigations" section for additional recommendations.

Workarounds and Mitigations

Manually delete the file after using CMC:
- NCU:
- IPC:

Back up the corresponding trace file . Modify the trace configuration to disable tracing in the future.

General Security Recommendations

It is recommended to implement specific workarounds and mitigations to reduce risk. Refer to the general security recommendations in the Affected Products and Solutions section.

Product Description

SINUMERIK systems are industrial automation and control products from Siemens.

Affected Components

- SINUMERIK 828D V4
- SINUMERIK 840D sl V4
- SINUMERIK ONE

CVSS Score

CVSS v3.1 Base Score: 5.5
CVSS v4.0 Base Score: 6.8

Additional Information

For further inquiries regarding security vulnerabilities, contact Siemens Product CERT. For historical data, refer to the Historical Data section. For terms of use, refer to the Terms of Use section.

Summary

This security advisory describes a vulnerability affecting SINUMERIK systems, which allows a local user with low privileges to read sensitive information and impersonate a user with higher privileges. Siemens recommends updating to the latest version to resolve this issue and provides workarounds and mitigations.