CVE-2023-33921

Published: Jun 13, 2023Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.

Affected (1)

Products: Siemens: Cpci85 Firmware

1 product

Cpci85 Firmware

Configuration A

1 platform

Running on/with	Platform Versions
Siemens Cp 8050 Master Module	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Cpci85 Firmware	Before v05

Running on/with	Platform Versions
Siemens Cp 8031 Master Module	All versions

Related CWEs

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (6)

http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html

Source: productcert@siemens.com

http://seclists.org/fulldisclosure/2023/Jul/14

Source: productcert@siemens.com

https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf

Source: productcert@siemens.com

PatchVendor Advisory

http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2023/Jul/14

Source: af854a3a-2127-422b-91ae-364da2661108

https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.