Vulnerabilites related to Siemens - SICAM A8000 CP-8050
cve-2022-27480
Vulnerability from cvelistv5
Published
2022-04-12 09:08
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Apr/20 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | SICAM A8000 CP-8031 |
Version: All versions < V4.80 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM A8000 CP-8031",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.80"
}
]
},
{
"product": "SICAM A8000 CP-8050",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T17:06:19",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-27480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM A8000 CP-8031",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.80"
}
]
}
},
{
"product_name": "SICAM A8000 CP-8050",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.80"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Apr/20"
},
{
"name": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-27480",
"datePublished": "2022-04-12T09:08:03",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202401-0853
Vulnerability from variot
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.
By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8031",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.20"
},
{
"model": "sicam a8000 cp-8050",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "05.20"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"cve": "CVE-2023-42797",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-42797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2023-42797",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-42797",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2023-42797",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
},
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.20), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.\r\n\r\nBy uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-583634",
"trust": 1.0
},
{
"db": "NVD",
"id": "CVE-2023-42797",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"id": "VAR-202401-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.532509165
},
"last_update_date": "2024-08-14T15:41:25.669000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-09T10:15:15.320000",
"db": "NVD",
"id": "CVE-2023-42797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-16T15:29:43.977000",
"db": "NVD",
"id": "CVE-2023-42797"
}
]
}
}
var-201903-1052
Vulnerability from variot
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. SICAM A8000 CP-8000 , CP-802X , CP-8050 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SIEMENS provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drives and software with innovations in electrification, automation and digital. A denial of service vulnerability exists in the SIEMENS ICAM A8000 series. Remote attackers may exploit this issue to cause denial-of-service conditions. The following Siemens SICAM A8000 RTU versions are vulnerable: Siemens SICAM A8000 CP-8000 versions prior to 14 Siemens SICAM A8000 CP-802X versions prior to 14 Siemens SICAM A8000 CP-8050 versions prior to 2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "14"
},
{
"model": "sicam a8000 cp-802x",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "14"
},
{
"model": "sicam a8000 cp-8050",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "2.00"
},
{
"model": "sicam a8000 cp-8050",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.00"
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "sicam a8000 cp-802x",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "sicam a8000 cp-8050",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1"
},
{
"model": "sicam a8000 cp-802x",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "sicam a8000 cp-802x",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "sicam a8000 cp-802x",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "11"
},
{
"model": "sicam a8000 cp-8000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "sicam a8000 cp-8000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "sicam a8000 cp-8000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "11"
},
{
"model": "sicam a8000 cp-8050",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2"
},
{
"model": "sicam a8000 cp-802x",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "sicam a8000 cp-8000",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sicam a8000 cp 8000",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sicam a8000 cp 802x",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sicam a8000 cp 8050",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "BID",
"id": "106955"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:sicam_a8000_cp-8000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sicam_a8000_cp-802x_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:sicam_a8000_cp-8050_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emanuel Duss and Nicolas Heiniger from Compass Security.",
"sources": [
{
"db": "BID",
"id": "106955"
}
],
"trust": 0.3
},
"cve": "CVE-2018-13798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-13798",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00990",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-13798",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13798",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-00990",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-744",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-744"
},
{
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SICAM A8000 CP-8000 (All versions \u003c V14), SICAM A8000 CP-802X (All versions \u003c V14), SICAM A8000 CP-8050 (All versions \u003c V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. SICAM A8000 CP-8000 , CP-802X , CP-8050 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SIEMENS provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drives and software with innovations in electrification, automation and digital. A denial of service vulnerability exists in the SIEMENS ICAM A8000 series. \nRemote attackers may exploit this issue to cause denial-of-service conditions. \nThe following Siemens SICAM A8000 RTU versions are vulnerable:\nSiemens SICAM A8000 CP-8000 versions prior to 14\nSiemens SICAM A8000 CP-802X versions prior to 14\nSiemens SICAM A8000 CP-8050 versions prior to 2",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "BID",
"id": "106955"
},
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13798",
"trust": 3.5
},
{
"db": "SIEMENS",
"id": "SSA-579309",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-038-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2019-00990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-744",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155",
"trust": 0.8
},
{
"db": "BID",
"id": "106955",
"trust": 0.3
},
{
"db": "IVD",
"id": "7D847EF0-463F-11E9-9EEC-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "BID",
"id": "106955"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-744"
},
{
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"id": "VAR-201903-1052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
}
],
"trust": 1.4001359766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
}
]
},
"last_update_date": "2024-11-23T22:00:05.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-579309",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf"
},
{
"title": "SIEMENS ICAM A8000 Series Patch for Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/149599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13798"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13798"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-038-01"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "https://support.industry.siemens.com/cs/search?search=a8000%20cp8000"
},
{
"trust": 0.3,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-579309.txt"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-038-01"
},
{
"trust": 0.3,
"url": "https://seclists.org/bugtraq/2019/jan/18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "BID",
"id": "106955"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-744"
},
{
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"db": "BID",
"id": "106955"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-744"
},
{
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106955"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"date": "2019-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-744"
},
{
"date": "2019-03-21T19:29:00.347000",
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00990"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106955"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015155"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-744"
},
{
"date": "2024-11-21T03:48:04.097000",
"db": "NVD",
"id": "CVE-2018-13798"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-744"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SICAM Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015155"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "7d847ef0-463f-11e9-9eec-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-744"
}
],
"trust": 0.8
}
}
var-202204-0109
Vulnerability from variot
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. The SICAM A8000 RTU (Remote Terminal Unit) series is used for automation applications in all areas of remote control and energy supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0109",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam a8000 cp-8031",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.80"
},
{
"model": "sicam a8000 cp-8050",
"scope": "lt",
"trust": 1.6,
"vendor": "siemens",
"version": "4.80"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gerhard Hechenberger,Steffen Robertz, and Thomas Weber of SEC Consult Vulnerability Lab reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
],
"trust": 0.6
},
"cve": "CVE-2022-27480",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-27480",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-28502",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-27480",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-27480",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-28502",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3129",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-27480",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions \u003c V4.80), SICAM A8000 CP-8050 (All versions \u003c V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. The SICAM A8000 RTU (Remote Terminal Unit) series is used for automation applications in all areas of remote control and energy supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27480"
},
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-316850",
"trust": 2.3
},
{
"db": "NVD",
"id": "CVE-2022-27480",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "166743",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-104-10",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-28502",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-27480",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"id": "VAR-202204-0109",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
}
],
"trust": 1.132509165
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
}
]
},
"last_update_date": "2024-11-23T21:29:50.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM A8000 CP-8050 and CP-8031 Unauthorized Access Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/329171"
},
{
"title": "Siemens SICAM Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190122"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.0
},
{
"problemtype": "CWE-862",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166743/siemens-a8000-cp-8050-cp-8031-sicam-web-missing-file-download-missing-authentication.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/apr/20"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022040064"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-104-10"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-27480/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"date": "2022-04-12T09:15:15.103000",
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-28502"
},
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-27480"
},
{
"date": "2023-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3129"
},
{
"date": "2024-11-21T06:55:48.473000",
"db": "NVD",
"id": "CVE-2022-27480"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SICAM A8000 CP-8050 and CP-8031 Unauthorized Access Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-28502"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3129"
}
],
"trust": 0.6
}
}