CVE-2023-42797

Published: Jan 9, 2024Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.

Affected (2)

Products: Siemens: Sicam A8000 Cp 8050 Firmware, Sicam A8000 Cp 8031 Firmware

2 products

Sicam A8000 Cp 8050 Firmware

Sicam A8000 Cp 8031 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Sicam A8000 Cp 8050 Firmware	Before 05.20

Running on/with	Platform Versions
Siemens Sicam A8000 Cp 8050	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Sicam A8000 Cp 8031 Firmware	Before 05.20

Running on/with	Platform Versions
Siemens Sicam A8000 Cp 8031	All versions

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.