7.5

CVE-2022-27480

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SiemensSicam A8000 Cp-8031 Firmware Version < 4.80
   SiemensSicam A8000 Cp-8031 Version-
SiemensSicam A8000 Cp-8050 Firmware Version < 4.80
   SiemensSicam A8000 Cp-8050 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.45% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Apr/20
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf
Patch
Vendor Advisory