CVE-2023-42797
MEDIUMSICAM A8000 CP-8031/CP-8050 < CPCI85 V05.20 Authenticated RCE via IPv4 Flaw
Title source: llmDescription
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf
Scores
CVSS v3
6.6
EPSS
0.0022
EPSS Percentile
45.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-908
Status
published
Products (2)
siemens/sicam_a8000_cp-8031_firmware
< 05.20
siemens/sicam_a8000_cp-8050_firmware
< 05.20
Published
Jan 09, 2024
Tracked Since
Feb 18, 2026