Vulnerabilites related to Siemens - SICAM A8000 CP-8021
var-202207-0711
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens' SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0711",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "sicam a8000 cp-8022",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8021",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o -25/+70\u00b0c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8000 master module with i/o -40/+70\u00b0c",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.30"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner from Siemens Energy reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
},
"cve": "CVE-2022-29884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-29884",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-51638",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29884",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29884",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29884",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-51638",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-941",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-29884",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c CPC80 V16.30), CP-8021 MASTER MODULE (All versions \u003c CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. Siemens\u0027 SICAM A8000 CP-8000 firmware, SICAM A8000 CP-8021 firmware, SICAM A8000 CP-8022 A vulnerability exists in firmware for lack of freeing resources after valid lifetime.Service operation interruption (DoS) It may be in a state. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29884",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-491621",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-195-14",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU97764115",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-51638",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071329",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-29884",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"id": "VAR-202207-0711",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
}
],
"trust": 1.3974026
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
}
]
},
"last_update_date": "2024-08-14T13:42:36.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM A8000 CPC80 Exists Unknown Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/339931"
},
{
"title": "Siemens SICAM A8000 CP-8000 Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.0
},
{
"problemtype": "Lack of resource release after valid lifetime (CWE-772) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97764115/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29884"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-14"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-491621.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29884/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071329"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-14"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"date": "2023-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"date": "2022-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"date": "2022-07-12T10:15:10.547000",
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-51638"
},
{
"date": "2022-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29884"
},
{
"date": "2023-09-06T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-013266"
},
{
"date": "2022-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-941"
},
{
"date": "2022-07-19T18:18:45.773000",
"db": "NVD",
"id": "CVE-2022-29884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lack of Freeing Resources After Valid Lifetime Vulnerability in Multiple Siemens Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013266"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-941"
}
],
"trust": 0.6
}
}
var-202012-0840
Vulnerability from variot
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. SICAM A8000 CP-8000 , SICAM A8000 CP-8021 , SICAM A8000 CP-8022 There is a vulnerability related to a defect in the protection mechanism.Information may be obtained and information may be tampered with. The SIEMENS SICAM A8000 RTUs (Remote Terminal Equipment) series is a modular equipment series for remote control and automation applications in all energy supply fields.
SIEMENS SICAM A8000 RTUs have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0840",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16"
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16"
},
{
"model": "sicam a8000 cp-8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8021",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8022",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v16"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v16"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v16"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"cve": "CVE-2020-28396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2020-28396",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-70926",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2020-28396",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-28396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28396",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-28396",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-70926",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-707",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
},
{
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SICAM A8000 CP-8000 (All versions \u003c V16), SICAM A8000 CP-8021 (All versions \u003c V16), SICAM A8000 CP-8022 (All versions \u003c V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user\u00b4s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. SICAM A8000 CP-8000 , SICAM A8000 CP-8021 , SICAM A8000 CP-8022 There is a vulnerability related to a defect in the protection mechanism.Information may be obtained and information may be tampered with. The SIEMENS SICAM A8000 RTUs (Remote Terminal Equipment) series is a modular equipment series for remote control and automation applications in all energy supply fields. \n\r\n\r\nSIEMENS SICAM A8000 RTUs have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28396"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "CNVD",
"id": "CNVD-2020-70926"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28396",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-415783",
"trust": 2.2
},
{
"db": "ZDI",
"id": "ZDI-21-062",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU90453244",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-70926",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4359",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-343-07",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-707",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
},
{
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"id": "VAR-202012-0840",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
}
],
"trust": 1.3272727333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
}
]
},
"last_update_date": "2024-11-23T19:40:48.166000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-415783",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf"
},
{
"title": "Siemens SICAM A8000 RTUs SSL configuration insecure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/241885"
},
{
"title": "Siemens SICAM A8000 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136206"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "CWE-693",
"trust": 1.0
},
{
"problemtype": "Malfunction of protection mechanism (CWE-693) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-062/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28396"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90453244/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4359/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
},
{
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
},
{
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"date": "2021-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"date": "2020-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-707"
},
{
"date": "2020-12-14T21:15:21.067000",
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-70926"
},
{
"date": "2021-08-17T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2020-014388"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-707"
},
{
"date": "2024-11-21T05:22:43.117000",
"db": "NVD",
"id": "CVE-2020-28396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0SICAM\u00a0 Product protection mechanism defect vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-707"
}
],
"trust": 0.6
}
}
var-202201-0777
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Multiple Siemens products are vulnerable to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM A8000 is an automation application for all areas of remote control and energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp-8000 master module with i\\/o -40\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8000 master module with i\\/o -25\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 25/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 40/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner of Siemens Energy reported these vulnerabilities to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
],
"trust": 0.6
},
"cve": "CVE-2021-45033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-45033",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-02750",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-45033",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45033",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45033",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45033",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-02750",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-867",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Multiple Siemens products are vulnerable to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SICAM A8000 is an automation application for all areas of remote control and energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45033"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNVD",
"id": "CNVD-2022-02750"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45033",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-324998",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98508242",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-02750",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011213",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"id": "VAR-202201-0777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
}
],
"trust": 1.31636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
}
]
},
"last_update_date": "2024-11-23T19:43:19.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-324998",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"title": "Patch for Siemens SICAM A8000 Hardcoded Credentials Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313116"
},
{
"title": "Siemens SICAM A8000 CP-8000 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178153"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45033"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98508242/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011213"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"date": "2022-01-11T12:15:10.093000",
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02750"
},
{
"date": "2023-02-10T04:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-003191"
},
{
"date": "2022-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-867"
},
{
"date": "2024-11-21T06:31:50.027000",
"db": "NVD",
"id": "CVE-2021-45033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to use of hardcoded credentials in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003191"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-867"
}
],
"trust": 0.6
}
}
var-202201-0778
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Multiple Siemens products contain vulnerabilities related to information disclosure from log files.Information may be obtained. SICAM A8000 is an automation application for all areas of remote control and energy supply.
Siemens SICAM A8000 has an access control error vulnerability that could allow attackers to access some previously created log files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp-8000 master module with i\\/o -40\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8000 master module with i\\/o -25\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 25/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 40/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner of Siemens Energy reported these vulnerabilities to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
},
"cve": "CVE-2021-45034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-45034",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-02749",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45034",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45034",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45034",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45034",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-02749",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-868",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-45034",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Multiple Siemens products contain vulnerabilities related to information disclosure from log files.Information may be obtained. SICAM A8000 is an automation application for all areas of remote control and energy supply. \n\r\n\r\nSiemens SICAM A8000 has an access control error vulnerability that could allow attackers to access some previously created log files",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45034",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-324998",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "166743",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-02",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU98508242",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-02749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011213",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45034",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"id": "VAR-202201-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
}
],
"trust": 1.31636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
}
]
},
"last_update_date": "2024-11-23T21:04:28.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-324998",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"title": "Patch for Siemens SICAM A8000 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313111"
},
{
"title": "Siemens SICAM A8000 CP-8000 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178154"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d8675b4b15b4f30ad01f1390b99f640f"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-532",
"trust": 1.0
},
{
"problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/166743/siemens-a8000-cp-8050-cp-8031-sicam-web-missing-file-download-missing-authentication.html"
},
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/apr/20"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45034"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98508242/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011213"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022040064"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/532.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"date": "2022-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"date": "2022-01-11T12:15:10.143000",
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"date": "2022-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"date": "2023-02-10T05:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"date": "2024-11-21T06:31:50.140000",
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to information leakage from log files in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
}
}
cve-2020-28396
Vulnerability from cvelistv5
Published
2020-12-14 21:05
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-062/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SICAM A8000 CP-8000 |
Version: All versions < V16 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM A8000 CP-8000",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16"
}
]
},
{
"product": "SICAM A8000 CP-8021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16"
}
]
},
{
"product": "SICAM A8000 CP-8022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM A8000 CP-8000 (All versions \u003c V16), SICAM A8000 CP-8021 (All versions \u003c V16), SICAM A8000 CP-8022 (All versions \u003c V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user\u00b4s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-14T17:06:09",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-28396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM A8000 CP-8000",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16"
}
]
}
},
{
"product_name": "SICAM A8000 CP-8021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16"
}
]
}
},
{
"product_name": "SICAM A8000 CP-8022",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM A8000 CP-8000 (All versions \u003c V16), SICAM A8000 CP-8021 (All versions \u003c V16), SICAM A8000 CP-8022 (All versions \u003c V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user\u00b4s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-062/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-28396",
"datePublished": "2020-12-14T21:05:19",
"dateReserved": "2020-11-10T00:00:00",
"dateUpdated": "2024-08-04T16:33:59.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}