CVE-2023-33919
published 2023-06-13


Priority: P2 (64), high, 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 47.72% (98.7th percentile)
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

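Affected

3 ranges

| Vendor  | Product               | Version range | Fixed in |
|---------|-----------------------|---------------|----------|
| siemens | cp-8031_master_module |               |          |
| siemens | cp-8050_master_module |               |          |
| siemens | cpci85_firmware       | < v05         | v05      |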

Detection & IOCs (extracted from sources)

  • CVE-2023-33919 is a command injection vulnerability in the web interface of Siemens CP-8031 and CP-8050 MASTER MODULE devices (CPCI85 < V05). Detection should focus on authenticated privileged HTTP requests to the web interface containing shell metacharacters or command injection payloads in input fields.
  • Monitor for unexpected processes spawned with root privileges from the web server process on Siemens SICAM A8000 CP-8031/CP-8050 devices, which may indicate successful command injection exploitation.
  • No known public exploits specifically target this vulnerability as of the advisory date; prioritize monitoring over active threat hunting for exploit code.
  • Exploitation requires an authenticated privileged account (PR:H in CVSS vector), meaning unauthenticated attackers cannot directly exploit this command injection without first obtaining high-privilege credentials.
  • A companion vulnerability CVE-2023-33920 involves a hard-coded root password hash that could be used for UART console login, and CVE-2023-33921 exposes a UART console login interface — these may be chained with CVE-2023-33919 but require direct physical access.