CVE-2023-33921

EPSS 0.14%
Veröffentlicht 13.06.2023 09:15:18
Zuletzt bearbeitet 21.11.2024 08:06:12
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Cpci85 Firmware Version < v05

Siemens ≫ Cp-8050 Master Module Version-

Siemens ≫ Cpci85 Firmware Version < v05

Siemens ≫ Cp-8031 Master Module Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.353

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html

http://seclists.org/fulldisclosure/2023/Jul/14

https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-33921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33921

EUVD