CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37998
https://notcve.org/view.php?id=CVE-2024-37998
22 Jul 2024 — A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. Se ha identificado una vulnerabilidad en CPCI85 Central Processing/Communication/ (todas ... • https://cert-portal.siemens.com/productcert/html/ssa-071402.html • CWE-620: Unverified Password Change •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31485 – Siemens CP-8000 / CP-8021 / CP8-022 / CP-8031 / CP-8050 / SICORE Buffer Overread / Escalation
https://notcve.org/view.php?id=CVE-2024-31485
14 May 2024 — A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. Se ha identificado una vulnerabilidad en CPCI85 Central Processing/Communication (todas las versiones < V5.30), sistema base SICORE (to... • http://seclists.org/fulldisclosure/2024/Jul/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33921 – Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
https://notcve.org/view.php?id=CVE-2023-33921
13 Jun 2023 — A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device. • http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33920 – Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
https://notcve.org/view.php?id=CVE-2023-33920
13 Jun 2023 — A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability. • http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33919 – Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
https://notcve.org/view.php?id=CVE-2023-33919
13 Jun 2023 — A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. • http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •