CVE-2022-27480

HIGH

Siemens Sicam A8000 Cp-8031 Firmware < 4.80 - Missing Authorization

Title source: rule

Description

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.

References (3)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Apr/20

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html

Scores

CVSS v3 7.5

EPSS 0.0036

EPSS Percentile 58.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-862 CWE-425

Status published

Products (2)

siemens/sicam_a8000_cp-8031_firmware < 4.80

siemens/sicam_a8000_cp-8050_firmware < 4.80

Published Apr 12, 2022

Tracked Since Feb 18, 2026