// For flags

CVE-2023-42797

 

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.

Se ha identificado una vulnerabilidad en CP-8031 MASTER MODULE (Todas las versiones &lt; CPCI85 V05.20), CP-8050 MASTER MODULE (Todas las versiones &lt; CPCI85 V05.20). El servicio de configuración de red de los dispositivos afectados contiene un fallo en la conversión de direcciones IPv4 que podría llevar a que se utilice una variable no inicializada en los siguientes pasos de validación. Al cargar una configuración de red especialmente manipulada, un atacante remoto autenticado podría inyectar comandos que se ejecutan en el dispositivo con privilegios de root durante el inicio del dispositivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Multiple
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-09-14 CVE Reserved
  • 2024-01-09 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-908: Use of Uninitialized Resource
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf 2024-01-16
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 Sicam A8000 Cp-8050 Firmware
Search vendor "Siemens" for product "Sicam A8000 Cp-8050 Firmware"
 < 05.20
Search vendor "Siemens" for product "Sicam A8000 Cp-8050 Firmware" and version " < 05.20"
-
Affected
in Siemens
Search vendor "Siemens"
 Sicam A8000 Cp-8050
Search vendor "Siemens" for product "Sicam A8000 Cp-8050"
--
Safe
Siemens
Search vendor "Siemens"
 Sicam A8000 Cp-8031 Firmware
Search vendor "Siemens" for product "Sicam A8000 Cp-8031 Firmware"
 < 05.20
Search vendor "Siemens" for product "Sicam A8000 Cp-8031 Firmware" and version " < 05.20"
-
Affected
in Siemens
Search vendor "Siemens"
 Sicam A8000 Cp-8031
Search vendor "Siemens" for product "Sicam A8000 Cp-8031"
--
Safe