CVE-2023-33919

EPSS 9.8%
Veröffentlicht 13.06.2023 09:15:18
Zuletzt bearbeitet 03.11.2025 21:15:57
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Cpci85 Firmware Version < v05

Siemens ≫ Cp-8031 Master Module Version-

Siemens ≫ Cpci85 Firmware Version < v05

Siemens ≫ Cp-8050 Master Module Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.8%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html

http://seclists.org/fulldisclosure/2023/Jul/14

http://seclists.org/fulldisclosure/2024/Jul/4

https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf

Patch

Vendor Advisory

http://seclists.org/fulldisclosure/2025/Feb/19

https://nvd.nist.gov/vuln/detail/CVE-2023-33919

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33919

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33919

EUVD