CVE-2023-33921
6.8
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | CP-8031 MASTER MODULE | All versions < CPCI85 V05 | affected |
| Siemens | CP-8050 MASTER MODULE | All versions < CPCI85 V05 | affected |
Weaknesses
- CWE-749: CWE-749: Exposed Dangerous Method or Function
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf
- http://seclists.org/fulldisclosure/2023/Jul/14
- http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf
- http://seclists.org/fulldisclosure/2023/Jul/14
- http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.