Lucene search

[email protected]NVD:CVE-2023-36380

HistoryOct 10, 2023 - 11:15 a.m.

CVE-2023-36380

2023-10-1011:15:11

CWE-798

[email protected]

web.nvd.nist.gov

cve-2023-36380

ssh

authorized_keys

hard-coded id

debug support

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH authorized_keys configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

Affected configurations

NVD

Node

siemenscp-8050_firmwareRange<05.11cpci85

AND

siemenscp-8050Match-

Node

siemenscp-8031_firmwareRange<05.11cpci85

AND

siemenscp-8031Match-

References

cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2023-36380

cve1 ics1 prion1 nessus1 cnvd1 cvelist1