CVE-2020-28396

2020-12-1421:05:19

CWE-693

siemens

www.cve.org

cve-2020-28396

sicam a8000

cp-8000

web server

misconfiguration

insecure ciphers

attacker

confidentiality

integrity

EPSS

0.001

Percentile

23.8%

JSON

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.

CNA Affected

[
  {
    "product": "SICAM A8000 CP-8000",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16"
      }
    ]
  },
  {
    "product": "SICAM A8000 CP-8021",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16"
      }
    ]
  },
  {
    "product": "SICAM A8000 CP-8022",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16"
      }
    ]
  }
]