CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37998
https://notcve.org/view.php?id=CVE-2024-37998
22 Jul 2024 — A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. Se ha identificado una vulnerabilidad en CPCI85 Central Processing/Communication/ (todas ... • https://cert-portal.siemens.com/productcert/html/ssa-071402.html • CWE-620: Unverified Password Change •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31485 – Siemens CP-8000 / CP-8021 / CP8-022 / CP-8031 / CP-8050 / SICORE Buffer Overread / Escalation
https://notcve.org/view.php?id=CVE-2024-31485
14 May 2024 — A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. Se ha identificado una vulnerabilidad en CPCI85 Central Processing/Communication (todas las versiones < V5.30), sistema base SICORE (to... • http://seclists.org/fulldisclosure/2024/Jul/4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •