Description
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References (5)
Core References
Patch, Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf
Mailing List: http://seclists.org/fulldisclosure/2023/Jul/14
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/4
Mailing List: http://seclists.org/fulldisclosure/2025/Feb/19
Exploit, Third Party Advisory: http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html
Scores
CVSS v3: 7.2
EPSS: 0.0985
EPSS Percentile: 93.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (1)
siemens/cpci85_firmware < v05
Published: Jun 13, 2023
Tracked Since: Feb 18, 2026