CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-29884
https://notcve.org/view.php?id=CVE-2022-29884
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Se ha identificado una vulnerabilidad en el MASTER MODULE CP-8000 CON E/S -25/+70°C (Todas las versiones anteriores a CPC80 V16.30), MASTER MODULE CP-8000 CON E/S -40/+70°C (Todas las versiones anteriores a CPC80 V16.30), MASTER MODULE CP-8021 (Todas las versiones anteriores a CPC80 V16.30), MASTER MODULE CP-8022 CON GPRS (Todas las versiones anteriores a CPC80 V16.30). Cuando es usado el servidor HTTPS en condiciones específicas, los dispositivos afectados no liberan apropiadamente los recursos. • https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28396
https://notcve.org/view.php?id=CVE-2020-28396
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. Se ha identificado una vulnerabilidad en SICAM A8000 CP-8000 (Todas las versiones anteriores a V16), SICAM A8000 CP-8021 (Todas las versiones anteriores a V16), SICAM A8000 CP-8022 (Todas las versiones anteriores a V16). Una configuración inapropiada del servidor web del dispositivo afectado puede causar un uso de cifrado no seguro por parte del navegador del usuario. • https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-062 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-13798 – Siemens SICAM A8000 Series Denial Of Service
https://notcve.org/view.php?id=CVE-2018-13798
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. • https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf • CWE-20: Improper Input Validation •