CVE-2024-53832

MEDIUM

CPCI85 <V05.30 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.

References (2)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-128393.html

[Mailing List] http://seclists.org/fulldisclosure/2025/Feb/19

Scores

CVSS v3 4.6

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status draft

Timeline

Published Dec 10, 2024

Tracked Since Feb 18, 2026