CVE-2023-28489
published 2023-04-11CVE-2023-28489: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices…
PriorityP273critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.84%
84.9th percentile
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default.
The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | cp-8031_firmware | < cpci85_v05 | cpci85_v05 |
| siemens | cp-8031_master_module | — | — |
| siemens | cp-8050_firmware | < cpci85_v05 | cpci85_v05 |
| siemens | cp-8050_master_module | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect and alert on any inbound connections to port 443/TCP and 80/TCP on CP-8031 and CP-8050 MASTER MODULE devices from untrusted/external sources, as exploitation requires no authentication. ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens CPCI85 Firmware of SICAM A8000 Devices
cisa_ics·2023-04-13·CVSS 9.8
[CRITICAL] Siemens CPCI85 Firmware of SICAM A8000 Devices
ICS Advisory
##
Siemens CPCI85 Firmware of SICAM A8000 Devices
Release DateApril 13, 2023
Alert CodeICSA-23-103-07
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: CPCI85 Firmware of SICAM A8000 Devices
- Vulnerability: Improper Neutralization of Special Elements used in a Command ('Command Injection')
## 2. RISK EVALUATION
Successful exploitation of this vulnerability cou
GHSA
GHSA-x9qv-5m74-x74p: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05)
ghsa_unreviewed·2023-07-06
CVE-2023-28489 [CRITICAL] CWE-77 GHSA-x9qv-5m74-x74p: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05)
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default.
The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2023/Jul/14https://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdfhttp://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2023/Jul/14https://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdf
2023-04-11
Published