Vulnerabilites related to Siemens - SICAM A8000 CP-8031
cve-2022-27480
Vulnerability from cvelistv5
Published
2022-04-12 09:08
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Apr/20 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SICAM A8000 CP-8031 |
Version: All versions < V4.80 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM A8000 CP-8031",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.80"
}
]
},
{
"product": "SICAM A8000 CP-8050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T17:06:19",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-27480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM A8000 CP-8031",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.80"
}
]
}
},
{
"product_name": "SICAM A8000 CP-8050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"name": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-27480",
"datePublished": "2022-04-12T09:08:03",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202401-0853
Vulnerability from variot
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.
By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8031",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.20"
},
{
"model": "sicam a8000 cp-8050",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.20"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"cve": "CVE-2023-42797",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-42797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2023-42797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-42797",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2023-42797",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
},
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.20), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.\r\n\r\nBy uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-583634",
"trust": 1.0
},
{
"db": "NVD",
"id": "CVE-2023-42797",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"id": "VAR-202401-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.532509165
},
"last_update_date": "2024-08-14T15:41:25.669000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-09T10:15:15.320000",
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T15:29:43.977000",
"db": "NVD",
"id": "CVE-2023-42797"
}
]
}
}
var-202204-0109
Vulnerability from variot
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. The SICAM A8000 RTU (Remote Terminal Unit) series is used for automation applications in all areas of remote control and energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0109",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8031",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.80"
},
{
"model": "sicam a8000 cp-8050",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.80"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gerhard Hechenberger,Steffen Robertz, and Thomas Weber of SEC Consult Vulnerability Lab reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
],
"trust": 0.6
},
"cve": "CVE-2022-27480",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-27480",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-28502",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-27480",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27480",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-28502",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3129",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-27480",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. The SICAM A8000 RTU (Remote Terminal Unit) series is used for automation applications in all areas of remote control and energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27480"
},
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-316850",
"trust": 2.3
},
{
"db": "NVD",
"id": "CVE-2022-27480",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "166743",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-104-10",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-28502",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-27480",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"id": "VAR-202204-0109",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
}
],
"trust": 1.132509165
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
}
]
},
"last_update_date": "2024-11-23T21:29:50.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM A8000 CP-8050 and CP-8031 Unauthorized Access Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/329171"
},
{
"title": "Siemens SICAM Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190122"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.0
},
{
"problemtype": "CWE-862",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166743/siemens-a8000-cp-8050-cp-8031-sicam-web-missing-file-download-missing-authentication.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/apr/20"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022040064"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-10"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27480/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"date": "2022-04-12T09:15:15.103000",
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"date": "2023-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"date": "2024-11-21T06:55:48.473000",
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SICAM A8000 CP-8050 and CP-8031 Unauthorized Access Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
],
"trust": 0.6
}
}