CVSS3: 8.4 High
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
AI Score: 8.8 High (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.0%)
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user-provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.
[
{
"vendor": "Siemens",
"product": "SIMATIC CP 1242-7 V2",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1243-1",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1243-7 LTE EU",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1243-7 LTE US",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1243-8 IRC",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1542SP-1 IRC",
"versions": [
{
"version": "All versions >= V2.0 < V2.2.28",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1543-1",
"versions": [
{
"version": "All versions < V3.0.22",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIMATIC CP 1543SP-1",
"versions": [
{
"version": "All versions >= V2.0 < V2.2.28",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
"versions": [
{
"version": "All versions >= V2.0 < V2.2.28",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"versions": [
{
"version": "All versions >= V2.0 < V2.2.28",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"versions": [
{
"version": "All versions >= V2.0 < V2.2.28",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS NET CP 1242-7 V2",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS NET CP 1543-1",
"versions": [
{
"version": "All versions < V3.0.22",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS S7-1200 CP 1243-1",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
},
{
"vendor": "Siemens",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"versions": [
{
"version": "All versions < V3.3.46",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]