CVE-2023-33919
published 2023-06-13CVE-2023-33919: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface…
PriorityP264high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
47.72%
98.7th percentile
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | cp-8031_master_module | — | — |
| siemens | cp-8050_master_module | — | — |
| siemens | cpci85_firmware | < v05 | v05 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-33919 is a command injection vulnerability in the web interface of Siemens CP-8031 and CP-8050 MASTER MODULE devices (CPCI85 < V05). Detection should focus on authenticated privileged HTTP requests to the web interface containing shell metacharacters or command injection payloads in input fields. ↗
- →Monitor for unexpected processes spawned with root privileges from the web server process on Siemens SICAM A8000 CP-8031/CP-8050 devices, which may indicate successful command injection exploitation. ↗
- →No known public exploits specifically target this vulnerability as of the advisory date; prioritize monitoring over active threat hunting for exploit code. ↗
- ·Exploitation requires an authenticated privileged account (PR:H in CVSS vector), meaning unauthenticated attackers cannot directly exploit this command injection without first obtaining high-privilege credentials. ↗
- ·A companion vulnerability CVE-2023-33920 involves a hard-coded root password hash that could be used for UART console login, and CVE-2023-33921 exposes a UART console login interface — these may be chained with CVE-2023-33919 but require direct physical access. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fmx3-5pvm-8275: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05)
ghsa_unreviewed·2023-06-13
CVE-2023-33919 [HIGH] CWE-77 GHSA-fmx3-5pvm-8275: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05)
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CISA ICS
Siemens SICAM A8000 Devices
cisa_ics·2023-06-15·CVSS 7.2
[HIGH] Siemens SICAM A8000 Devices
ICS Advisory
##
Siemens SICAM A8000 Devices
Release DateJune 15, 2023
Alert CodeICSA-23-166-13
## As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: SICAM A8000 Devices
- Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Exposed Dangerous Method or Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker, with direct physica
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2023/Jul/14http://seclists.org/fulldisclosure/2024/Jul/4https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdfhttp://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2023/Jul/14http://seclists.org/fulldisclosure/2024/Jul/4http://seclists.org/fulldisclosure/2025/Feb/19https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf
2023-06-13
Published