Siemens Cp-8031 Firmware vulnerabilities
3 known vulnerabilities affecting siemens/cp-8031_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2023-28489P2CRITICALCVSS 9.8fixed in cpci85_v052023-04-11
CVE-2023-28489 [CRITICAL] CWE-77 CVE-2023-28489: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MA
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default.
The vulnerability could allow an unau
nvd
CVE-2023-42796P3HIGHCVSS 8.8fixed in 05.112023-10-10
CVE-2023-42796 [HIGH] CWE-22 CVE-2023-42796: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint.
This could allow an authenticated remote attacker to traverse directories on the system and d
nvd
CVE-2023-36380P3HIGHCVSS 7.8fixed in 05.112023-10-10
CVE-2023-36380 [HIGH] CWE-798 CVE-2023-36380: A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only wit
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corres
nvd