CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42797
https://notcve.org/view.php?id=CVE-2023-42797
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup. Se ha identificado una vulnerabilidad en CP-8031 MASTER MODULE (Todas las versiones < CPCI85 V05.20), CP-8050 MASTER MODULE (Todas las versiones < CPCI85 V05.20). El servicio de configuración de red de los dispositivos afectados contiene un fallo en la conversión de direcciones IPv4 que podría llevar a que se utilice una variable no inicializada en los siguientes pasos de validación. Al cargar una configuración de red especialmente manipulada, un atacante remoto autenticado podría inyectar comandos que se ejecutan en el dispositivo con privilegios de root durante el inicio del dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27480 – Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
https://notcve.org/view.php?id=CVE-2022-27480
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. Se ha identificado una vulnerabilidad en SICAM A8000 CP-8031 (todas las versiones anteriores a V4.80), SICAM A8000 CP-8050 (todas las versiones anteriores a V4.80). Los dispositivos afectados no requieren que el usuario sea autenticado para acceder a determinados archivos. • http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html http://seclists.org/fulldisclosure/2022/Apr/20 https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf • CWE-425: Direct Request ('Forced Browsing') CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-13798 – Siemens SICAM A8000 Series Denial Of Service
https://notcve.org/view.php?id=CVE-2018-13798
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. • https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf • CWE-20: Improper Input Validation •