Vulnerabilites related to Siemens - CP-8022 MASTER MODULE WITH GPRS
var-202207-0711
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens' SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0711",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8022",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8021",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o -25/+70\u00b0c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8000 master module with i/o -40/+70\u00b0c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner from Siemens Energy reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
},
"cve": "CVE-2022-29884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-29884",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51638",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29884",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29884",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29884",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-51638",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-941",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-29884",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8021 MASTER MODULE (All versions \u003c CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens\u0027 SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29884",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-491621",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-195-14",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU97764115",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51638",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071329",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-29884",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"id": "VAR-202207-0711",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
}
],
"trust": 1.3974026
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
}
]
},
"last_update_date": "2024-08-14T13:42:36.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM A8000 CPC80 Exists Unknown Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339931"
},
{
"title": "Siemens SICAM A8000 CP-8000 Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.0
},
{
"problemtype": "Lack of resource release after valid lifetime (CWE-772) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97764115/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29884"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-14"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-491621.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29884/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071329"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"date": "2023-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"date": "2022-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"date": "2022-07-12T10:15:10.547000",
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"date": "2022-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"date": "2023-09-06T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"date": "2022-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"date": "2022-07-19T18:18:45.773000",
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of Freeing Resources After Valid Lifetime Vulnerability in Multiple Siemens Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
}
}
var-202208-0676
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp-8000 master module with i\\/o -25\\/\\+70",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cp-8022 master module with gprs",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cp-8021 master module",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cp-8000 master module with i\\/o -40\\/\\+70",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "cp-8000 master module with i/o - 40/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 25/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp-8000 master module with i/o -40/+70\u00b0c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp-8000 master module with i/o -25/+70\u00b0c",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CybExer Technologies reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
}
],
"trust": 0.6
},
"cve": "CVE-2021-46304",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-56478",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-46304",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-46304",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-46304",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-46304",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-56478",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2720",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
},
{
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-46304"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "VULMON",
"id": "CVE-2021-46304"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-46304",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-185638",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-223-05",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU90767165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-56478",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4034",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2720",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-46304",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "VULMON",
"id": "CVE-2021-46304"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
},
{
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"id": "VAR-202208-0676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
}
],
"trust": 1.4500000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
}
]
},
"last_update_date": "2024-08-14T14:17:48.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM A8000 Web Server Module Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/343531"
},
{
"title": "Siemens SICAM A8000 CP-8000 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247128"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90767165/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46304"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-05"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-185638.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-46304/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4034"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "VULMON",
"id": "CVE-2021-46304"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
},
{
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"db": "VULMON",
"id": "CVE-2021-46304"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
},
{
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-46304"
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2720"
},
{
"date": "2022-08-10T12:15:11.567000",
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-56478"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-46304"
},
{
"date": "2023-09-20T08:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-014673"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2720"
},
{
"date": "2023-07-21T16:52:52.007000",
"db": "NVD",
"id": "CVE-2021-46304"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014673"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2720"
}
],
"trust": 0.6
}
}
var-202201-0777
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Multiple Siemens products are vulnerable to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM A8000 is an automation application for all areas of remote control and energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp-8000 master module with i\\/o -40\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8000 master module with i\\/o -25\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 25/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 40/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner of Siemens Energy reported these vulnerabilities to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
],
"trust": 0.6
},
"cve": "CVE-2021-45033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-45033",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-02750",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-45033",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45033",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45033",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45033",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-02750",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-867",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Multiple Siemens products are vulnerable to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM A8000 is an automation application for all areas of remote control and energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45033"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNVD",
"id": "CNVD-2022-02750"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45033",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-324998",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98508242",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-02750",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011213",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"id": "VAR-202201-0777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
}
],
"trust": 1.31636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
}
]
},
"last_update_date": "2024-11-23T19:43:19.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-324998",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"title": "Patch for Siemens SICAM A8000 Hardcoded Credentials Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313116"
},
{
"title": "Siemens SICAM A8000 CP-8000 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178153"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45033"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98508242/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011213"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"date": "2022-01-11T12:15:10.093000",
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"date": "2023-02-10T04:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"date": "2022-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"date": "2024-11-21T06:31:50.027000",
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to use of hardcoded credentials in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
],
"trust": 0.6
}
}
var-202201-0778
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Multiple Siemens products contain vulnerabilities related to information disclosure from log files.Information may be obtained. SICAM A8000 is an automation application for all areas of remote control and energy supply.
Siemens SICAM A8000 has an access control error vulnerability that could allow attackers to access some previously created log files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp-8000 master module with i\\/o -40\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8000 master module with i\\/o -25\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 25/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 40/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner of Siemens Energy reported these vulnerabilities to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
},
"cve": "CVE-2021-45034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-45034",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-02749",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45034",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45034",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45034",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45034",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-02749",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-868",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-45034",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Multiple Siemens products contain vulnerabilities related to information disclosure from log files.Information may be obtained. SICAM A8000 is an automation application for all areas of remote control and energy supply. \n\r\n\r\nSiemens SICAM A8000 has an access control error vulnerability that could allow attackers to access some previously created log files",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45034",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-324998",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "166743",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-02",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU98508242",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-02749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011213",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45034",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"id": "VAR-202201-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
}
],
"trust": 1.31636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
}
]
},
"last_update_date": "2024-11-23T21:04:28.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-324998",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"title": "Patch for Siemens SICAM A8000 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313111"
},
{
"title": "Siemens SICAM A8000 CP-8000 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178154"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d8675b4b15b4f30ad01f1390b99f640f"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-532",
"trust": 1.0
},
{
"problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/166743/siemens-a8000-cp-8050-cp-8031-sicam-web-missing-file-download-missing-authentication.html"
},
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/apr/20"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45034"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98508242/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011213"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022040064"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/532.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"date": "2022-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"date": "2022-01-11T12:15:10.143000",
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"date": "2022-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"date": "2023-02-10T05:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"date": "2024-11-21T06:31:50.140000",
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to information leakage from log files in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
}
}
cve-2021-45033
Vulnerability from cvelistv5
Published
2022-01-11 11:27
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C |
Version: All versions < V16.20 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8021 MASTER MODULE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8022 MASTER MODULE WITH GPRS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-11T11:27:17",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-45033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8021 MASTER MODULE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-45033",
"datePublished": "2022-01-11T11:27:17",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46304
Vulnerability from cvelistv5
Published
2022-08-10 11:17
Modified
2024-08-04 05:02
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C |
Version: All versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:02:11.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "CP-8021 MASTER MODULE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "CP-8022 MASTER MODULE WITH GPRS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T11:17:23",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-46304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "CP-8021 MASTER MODULE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-46304",
"datePublished": "2022-08-10T11:17:23",
"dateReserved": "2022-01-14T00:00:00",
"dateUpdated": "2024-08-04T05:02:11.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45034
Vulnerability from cvelistv5
Published
2022-01-11 11:27
Modified
2024-08-04 04:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Apr/20 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C |
Version: All versions < V16.20 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8021 MASTER MODULE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
},
{
"product": "CP-8022 MASTER MODULE WITH GPRS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T17:06:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-45034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8021 MASTER MODULE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
},
{
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16.20"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"name": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-45034",
"datePublished": "2022-01-11T11:27:17",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29884
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C |
Version: All versions < CPC80 V16.30 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c CPC80 V16.30"
}
]
},
{
"product": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c CPC80 V16.30"
}
]
},
{
"product": "CP-8021 MASTER MODULE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c CPC80 V16.30"
}
]
},
{
"product": "CP-8022 MASTER MODULE WITH GPRS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c CPC80 V16.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8021 MASTER MODULE (All versions \u003c CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772: Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T10:06:40",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c CPC80 V16.30"
}
]
}
},
{
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c CPC80 V16.30"
}
]
}
},
{
"product_name": "CP-8021 MASTER MODULE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c CPC80 V16.30"
}
]
}
},
{
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c CPC80 V16.30"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8021 MASTER MODULE (All versions \u003c CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772: Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29884",
"datePublished": "2022-07-12T10:06:40",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}