
    6 vulnerabilities found for cpci85_firmware by siemens

    CVE-2023-33921 (GCVE-0-2023-33921)

    Vulnerability from nvd – Published: 2023-06-13 08:17 – Updated: 2025-02-13 16:55
    VLAI
    Summary
    A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    Impacted products
    Vendor Product Version
    Siemens CP-8031 MASTER MODULE Affected: All versions < CPCI85 V05
    Siemens CP-8050 MASTER MODULE Affected: All versions < CPCI85 V05

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:13.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33921",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T21:12:03.918030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T21:13:54.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CP-8031 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CP-8050 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T17:06:27.768Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
            },
            {
              "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-33921",
        "datePublished": "2023-06-13T08:17:20.886Z",
        "dateReserved": "2023-05-23T10:09:31.037Z",
        "dateUpdated": "2025-02-13T16:55:11.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33920 (GCVE-0-2023-33920)

    Vulnerability from nvd – Published: 2023-06-13 08:17 – Updated: 2025-02-13 16:55
    VLAI
    Summary
    A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Siemens CP-8031 MASTER MODULE Affected: All versions < CPCI85 V05
    Siemens CP-8050 MASTER MODULE Affected: All versions < CPCI85 V05

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:13.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T01:34:38.544377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T01:35:55.952Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CP-8031 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CP-8050 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T17:06:23.541Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
            },
            {
              "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-33920",
        "datePublished": "2023-06-13T08:17:19.819Z",
        "dateReserved": "2023-05-23T10:09:31.037Z",
        "dateUpdated": "2025-02-13T16:55:11.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33919 (GCVE-0-2023-33919)

    Vulnerability from nvd – Published: 2023-06-13 08:17 – Updated: 2025-11-03 20:35
    VLAI
    Summary
    A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Siemens CP-8031 MASTER MODULE Affected: All versions < CPCI85 V05
    Siemens CP-8050 MASTER MODULE Affected: All versions < CPCI85 V05
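    siemens cp-8031_master_module Affected: 0 , < CVE-2022-33307 (custom) [from the CISA-ADP container; the upper bound given here is a CVE identifier rather than a firmware version, which looks like a data-entry error in that container, so use the vendor range above (All versions < CPCI85 V05) when checking exposure; the same applies to the cp-8050_master_module row below]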
        cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*
    siemens cp-8050_master_module Affected: 0 , < CVE-2022-33307 (custom)
        cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cp-8031_master_module",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "CVE-2022-33307",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cp-8050_master_module",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "CVE-2022-33307",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T20:17:08.721536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-06T14:12:00.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:35:33.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Feb/19"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CP-8031 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CP-8050 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-04T06:06:07.699Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
            },
            {
              "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-33919",
        "datePublished": "2023-06-13T08:17:18.755Z",
        "dateReserved": "2023-05-23T10:09:31.037Z",
        "dateUpdated": "2025-11-03T20:35:33.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33921 (GCVE-0-2023-33921)

    Vulnerability from cvelistv5 – Published: 2023-06-13 08:17 – Updated: 2025-02-13 16:55
    VLAI
    Summary
    A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    Impacted products
    Vendor Product Version
    Siemens CP-8031 MASTER MODULE Affected: All versions < CPCI85 V05
    Siemens CP-8050 MASTER MODULE Affected: All versions < CPCI85 V05

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:13.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33921",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T21:12:03.918030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T21:13:54.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CP-8031 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CP-8050 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T17:06:27.768Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
            },
            {
              "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-33921",
        "datePublished": "2023-06-13T08:17:20.886Z",
        "dateReserved": "2023-05-23T10:09:31.037Z",
        "dateUpdated": "2025-02-13T16:55:11.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33920 (GCVE-0-2023-33920)

    Vulnerability from cvelistv5 – Published: 2023-06-13 08:17 – Updated: 2025-02-13 16:55
    VLAI
    Summary
    A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Siemens CP-8031 MASTER MODULE Affected: All versions < CPCI85 V05
    Siemens CP-8050 MASTER MODULE Affected: All versions < CPCI85 V05

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:13.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-03T01:34:38.544377Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-03T01:35:55.952Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CP-8031 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CP-8050 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T17:06:23.541Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
            },
            {
              "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-33920",
        "datePublished": "2023-06-13T08:17:19.819Z",
        "dateReserved": "2023-05-23T10:09:31.037Z",
        "dateUpdated": "2025-02-13T16:55:11.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33919 (GCVE-0-2023-33919)

    Vulnerability from cvelistv5 – Published: 2023-06-13 08:17 – Updated: 2025-11-03 20:35
    VLAI
    Summary
    A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
    SSVC
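    Exploitation: none Automatable: no Technical Impact: total (CISA-ADP assessment, timestamped 2024-07-05 in the record below; the vendor's CVSS vector in the same record carries E:P, i.e. proof-of-concept exploit code maturity, so do not read "none" as meaning that no exploit code exists)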
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Siemens CP-8031 MASTER MODULE Affected: All versions < CPCI85 V05
    Siemens CP-8050 MASTER MODULE Affected: All versions < CPCI85 V05
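    siemens cp-8031_master_module Affected: 0 , < CVE-2022-33307 (custom) — as recorded in the CISA-ADP container; the upper bound is a CVE identifier rather than a firmware version, so it cannot be used for version matching. The vendor (CNA) range for this product is "All versions < CPCI85 V05".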
        cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*
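    siemens cp-8050_master_module Affected: 0 , < CVE-2022-33307 (custom) — as recorded in the CISA-ADP container; the upper bound is a CVE identifier rather than a firmware version, so it cannot be used for version matching. The vendor (CNA) range for this product is "All versions < CPCI85 V05".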
        cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:siemens:cp-8031_master_module:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cp-8031_master_module",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "CVE-2022-33307",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:siemens:cp-8050_master_module:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cp-8050_master_module",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "CVE-2022-33307",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-05T20:17:08.721536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-06T14:12:00.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:35:33.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Feb/19"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CP-8031 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CP-8050 MASTER MODULE",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c CPCI85 V05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-04T06:06:07.699Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Jul/14"
            },
            {
              "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-33919",
        "datePublished": "2023-06-13T08:17:18.755Z",
        "dateReserved": "2023-05-23T10:09:31.037Z",
        "dateUpdated": "2025-11-03T20:35:33.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }