CVE-2024-31485
HIGH
CPCI85 Central Processing/Communication <5.30 - Command Injection
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
References (2)
Core References
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-871704.html
Mailing List: http://seclists.org/fulldisclosure/2024/Jul/4
Scores
CVSS v3: 7.2
EPSS: 0.0063
EPSS Percentile: 70.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-77
Status: published
Products (2)
Siemens/CPCI85 Central Processing/Communication: < V5.30
Siemens/SICORE Base system: < V1.3.0
Published: May 14, 2024
Tracked Since: Feb 18, 2026