A vulnerability in CPCI85 and SICORE Base system allows authenticated remote attackers to execute arbitrary cod
Title | Published | Views | Family |
---|---|---|---|
CVE-2024-31485 | 14 May 2024 16:16 | – | nvd |
CVE-2024-31485 | 14 May 2024 10:02 | – | cvelist |
Siemens SICAM Product Command Injection Vulnerability | 16 May 2024 00:00 | – | cnvd |
CVE-2024-31485 | 14 May 2024 10:02 | – | vulnrichment |
Siemens SICAM Products | 14 May 2024 00:00 | – | ics |
Siemens CP-8000 / CP-8021 / CP8-022 / CP-8031 / CP-8050 / SICORE Buffer Overread / Escalation | 4 Jul 2024 00:00 | – | packetstorm |
```json
[
  {
    "vendor": "Siemens",
    "product": "CPCI85 Central Processing/Communication",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V5.30",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SICORE Base system",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V1.3.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
```
Source | Link |
---|---|
cert-portal | www.cert-portal.siemens.com/productcert/html/ssa-871704.html |
seclists | www.seclists.org/fulldisclosure/2024/Jul/4 |
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
SICWEB-SID | request body | /sicweb-ajax/rtum85/cview | Privilege escalation vulnerability allows an attacker to intercept and capture sensitive information, including higher privileged user accounts and passwords through unencrypted traffic. | CWE-77 |
parameter id | request body | /sicweb-ajax/rtum85/cview | Privilege escalation vulnerability allows an attacker to intercept and capture sensitive information, including higher privileged user accounts and passwords through unencrypted traffic. | CWE-77 |
value | request body | /sicweb-ajax/rtum85/cview | Privilege escalation vulnerability allows an attacker to intercept and capture sensitive information, including higher privileged user accounts and passwords through unencrypted traffic. | CWE-77 |
Session-ID | header | /SICAM_TOOLBOX_1703_remote_connection_00.htm | Buffer overread vulnerability allows attackers to exploit the HTTP header, leaking data from memory due to improper use of the strncpy function. | CWE-77 |