CVE-2020-10042
Published 2020-07-14
Priority P3 · 59 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.89% (77.0th percentile)
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_mmu_firmware | < 2.05 | 2.05 |
| siemens | sicam_t_firmware | < 2.18 | 2.18 |
| siemens_ag | sicam_mmu | — | — |
| siemens_ag | sicam_sgu | — | — |
| siemens_ag | sicam_t | — | — |
CVSS provenance
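| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |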
CISA ICS
Siemens SICAM MMU, SICAM T, and SICAM SGU
cisa_ics·2020-07-14·CVSS 7.5
[HIGH] Siemens SICAM MMU, SICAM T, and SICAM SGU
ICS Advisory
## Siemens SICAM MMU, SICAM T, and SICAM SGU
Last Revised: July 14, 2020
Alert Code: ICSA-20-196-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SICAM MMU, SICAM T and SICAM SGU
- Vulnerabilities: Out-of-bounds Read, Missing Authentication for Critical Function, Missing Encryption of Sensitive Data, Use of Password Hash with Insufficient Computational Effort, Cross-site Scripting, Classic Buffer Overflow, Basic XSS, Authentication Bypass by Capture-replay
## 2. RISK EVALUATION
Successful exploita
GHSA
GHSA-53f6-5gcr-4fhc: A vulnerability has been identified in SICAM MMU (All versions < V2
ghsa_unreviewed·2022-05-24
CVE-2020-10042 [HIGH] GHSA-53f6-5gcr-4fhc: A vulnerability has been identified in SICAM MMU (All versions < V2
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-07-14