Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33919

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Published

2023-06-13T09:15:18.620

Last Modified

2024-11-21T08:06:12.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-77
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	cpci85_firmware	< v05	Yes
Hardware	siemens	cp-8031_master_module	-	No
Operating System	siemens	cpci85_firmware	< v05	Yes
Hardware	siemens	cp-8050_master_module	-	No

References

http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html ([email protected])
http://seclists.org/fulldisclosure/2023/Jul/14 ([email protected])
http://seclists.org/fulldisclosure/2024/Jul/4 ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf Patch, Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jul/14 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2024/Jul/4 (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)