// For flags

CVE-2023-42796

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.

Se ha identificado una vulnerabilidad en: CP-8031 MASTER MODULE (Todas las versiones &lt; CPCI85 V05.11), CP-8050 MASTER MODULE (Todas las versiones &lt; CPCI85 V05.11). El servidor web de los dispositivos afectados no sanitiza adecuadamente la entrada del usuario para el endpoint /sicweb-ajax/tmproot/. Esto podría permitir que un atacante remoto autenticado atraviese directorios del sistema y descargue archivos arbitrarios. Al explorar los ID de sesión activos, la vulnerabilidad podría aprovecharse para escalar privilegios al rol de administrador.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-09-14 CVE Reserved
  • 2023-10-10 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf 2023-10-16
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 Cp-8050 Firmware
Search vendor "Siemens" for product "Cp-8050 Firmware"
 < 05.11
Search vendor "Siemens" for product "Cp-8050 Firmware" and version " < 05.11"
cpci85
Affected
in Siemens
Search vendor "Siemens"
 Cp-8050
Search vendor "Siemens" for product "Cp-8050"
--
Safe
Siemens
Search vendor "Siemens"
 Cp-8031 Firmware
Search vendor "Siemens" for product "Cp-8031 Firmware"
 < 05.11
Search vendor "Siemens" for product "Cp-8031 Firmware" and version " < 05.11"
cpci85
Affected
in Siemens
Search vendor "Siemens"
 Cp-8031
Search vendor "Siemens" for product "Cp-8031"
--
Safe