Siemens SICAM A8000 Web Server Module Improper Access Control (CVE-2021-46304)

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C All versions, CP-8000 MASTER MODULE WITH I/O -40/+70C All versions, CP-8021 MASTER MODULE All versions, CP-8022 MASTER MODULE WITH GPRS All versions. The component allows to activate a web server module which provides...

CVE-2021-46304

CVE-2021-46304 affects Siemens SICAM A8000/Web Server Module products (CP-8000 series and CP-8021/CP-8022). The issue is improper access control: the web server module can be activated to provide unauthenticated access to its web pages, enabling retrieval of debug information (e.g., internal netw...

CVE-2022-29884

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions CPC80 V16.30, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions CPC80 V16.30, CP-8021 MASTER MODULE All versions CPC80 V16.30, CP-8022 MASTER MODULE WITH GPRS All versions CPC80 V16.30. When using the...

CVE-2020-28396

The CVE-2020-28396 entry affects Siemens SICAM A8000 RTUs (CP-8000, CP-8021, CP-8022) with all versions before V16. Root cause: a web server misconfiguration that enables insecure ciphers in the user’s browser, allowing an attacker in a privileged position to decrypt traffic and compromise confid...