CVE-2023-42796

Published: Oct 10, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.

Affected (2)

Products: Siemens: Cp 8050 Firmware, Cp 8031 Firmware

2 products

Cp 8050 Firmware

Cp 8031 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Cp 8050 Firmware	Before 05.11

Running on/with	Platform Versions
Siemens Cp 8050	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Cp 8031 Firmware	Before 05.11

Running on/with	Platform Versions
Siemens Cp 8031	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.