CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-34057
https://notcve.org/view.php?id=CVE-2024-34057
18 Sep 2024 — Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service. • https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42797
https://notcve.org/view.php?id=CVE-2023-42797
09 Jan 2024 — A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privilege... • https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-29884
https://notcve.org/view.php?id=CVE-2022-29884
12 Jul 2022 — A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Se ... • https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27480 – Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
https://notcve.org/view.php?id=CVE-2022-27480
12 Apr 2022 — A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. Se ha identificado una vulnerabilidad en SICAM A8000 CP-8031 (todas las versiones anteriores a V4.80), SICAM A8000 CP-8050 (todas las versiones anteriores a V4.80). Los dispositivos afectados no requieren que el usuario sea autentic... • http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html • CWE-425: Direct Request ('Forced Browsing') CWE-862: Missing Authorization •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28396
https://notcve.org/view.php?id=CVE-2020-28396
14 Dec 2020 — A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. Se ha identificado una vulnerabilidad en SICAM A8000 CP-8000 (Todas las versiones anteriores a... • https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-693: Protection Mechanism Failure •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15781
https://notcve.org/view.php?id=CVE-2020-15781
14 Aug 2020 — A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web applic... • https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-13798 – Siemens SICAM A8000 Series Denial Of Service
https://notcve.org/view.php?id=CVE-2018-13798
17 Jan 2019 — A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system ... • https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf • CWE-20: Improper Input Validation •