CVE-2023-28489
CRITICALCP-8031 MASTER MODULE < CPCI85 V05 - Command Injection
Title source: llmDescription
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.
References (3)
Core 3
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdf
Mailing List
http://seclists.org/fulldisclosure/2023/Jul/14
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html
Scores
CVSS v3
9.8
EPSS
0.0270
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (2)
siemens/cp-8031_firmware
< cpci85_v05
siemens/cp-8050_firmware
< cpci85_v05
Published
Apr 11, 2023
Tracked Since
Feb 18, 2026