CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42797
https://notcve.org/view.php?id=CVE-2023-42797
09 Jan 2024 — A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privilege... • https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27480 – Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
https://notcve.org/view.php?id=CVE-2022-27480
12 Apr 2022 — A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. Se ha identificado una vulnerabilidad en SICAM A8000 CP-8031 (todas las versiones anteriores a V4.80), SICAM A8000 CP-8050 (todas las versiones anteriores a V4.80). Los dispositivos afectados no requieren que el usuario sea autentic... • http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html • CWE-425: Direct Request ('Forced Browsing') CWE-862: Missing Authorization •