CVE-2022-27480

HIGH

SICAM A8000 CP-8031 and CP-8050 Firmware < 4.80 - Unauthenticated Arbitrary File Download

Title source: llm

Description

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_misc

https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2022/Apr/20

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html

Scores

CVSS v3 7.5

EPSS 0.0238

EPSS Percentile 81.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-862 CWE-425

Status published

Products (2)

siemens/sicam_a8000_cp-8031_firmware < 4.80

siemens/sicam_a8000_cp-8050_firmware < 4.80

Published Apr 12, 2022

Tracked Since Feb 18, 2026