55 matches found
EUVD-2023-40348
Malicious code in bioql PyPI...
EUVD-2023-38069
Malicious code in bioql PyPI...
EUVD-2023-38071
Malicious code in bioql PyPI...
EUVD-2023-38070
Malicious code in bioql PyPI...
EUVD-2023-47224
Malicious code in bioql PyPI...
CVE-2023-42797
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...
CVE-2023-33921
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to...
CVE-2023-33919
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged...
CVE-2023-36380
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...
CVE-2023-33920
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with...
CVE-2023-42796
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11, CP-8050 MASTER MODULE All versions CPCI85 V05.11. The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote...
CVE-2023-42797
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...
Design/Logic Flaw
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...
CVE-2023-42797
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...
CVE-2023-42797
Summary: CVE-2023-42797 affects Siemens SICAM A8000 CP-8031 and CP-8050 Master Modules (versions prior to CPCI85 V05.20). The network configuration service mishandles IPv4 address conversion, causing an uninitialized variable to be used in subsequent validation. An authenticated remote attacker c...
Siemens CPCI85 Firmware of SICAM A8000 Devices Use of Hard-Coded Credentials (CVE-2023-36380)
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...
Siemens SICAM A8000 Devices Improper Limitation of a Pathname to a Restricted Directory (CVE-2023-42796)
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11, CP-8050 MASTER MODULE All versions CPCI85 V05.11. The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote...
The vulnerability of the microprogrammed software in Siemens SICAM CP-8031 and CP-8050 control modules allows a hacker to gain full control over the device.
The vulnerability of the microprogrammed software in Siemens SICAM CP-8031 and CP-8050 control modules is related to the presence of a rigidly programmed “authorizedkeys” identifier in the SSH configuration file. Exploiting this vulnerability allows a malicious actor to gain full control over the...
Design/Logic Flaw
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11, CP-8050 MASTER MODULE All versions CPCI85 V05.11. The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote...
Hardcoded credentials
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...