var-202201-0778
Vulnerability from variot
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Multiple Siemens products contain vulnerabilities related to information disclosure from log files.Information may be obtained. SICAM A8000 is an automation application for all areas of remote control and energy supply.
Siemens SICAM A8000 has an access control error vulnerability that could allow attackers to access some previously created log files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp-8000 master module with i\\/o -40\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8000 master module with i\\/o -25\\/\\+70",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8022 master module with gprs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "cp-8021 master module",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 25/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8022 master module with gprs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "cp-8000 master module with i/o - 40/+70",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam a8000 cp-8000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8021",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
},
{
"model": "sicam a8000 cp-8022",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "16.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Messner of Siemens Energy reported these vulnerabilities to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
},
"cve": "CVE-2021-45034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-45034",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-02749",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45034",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45034",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45034",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45034",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-02749",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-868",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-45034",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. Multiple Siemens products contain vulnerabilities related to information disclosure from log files.Information may be obtained. SICAM A8000 is an automation application for all areas of remote control and energy supply. \n\r\n\r\nSiemens SICAM A8000 has an access control error vulnerability that could allow attackers to access some previously created log files",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45034",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-324998",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "166743",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-02",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU98508242",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-02749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011213",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022040064",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-45034",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"id": "VAR-202201-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
}
],
"trust": 1.31636364
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
}
]
},
"last_update_date": "2024-11-23T21:04:28.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-324998",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"title": "Patch for Siemens SICAM A8000 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313111"
},
{
"title": "Siemens SICAM A8000 CP-8000 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178154"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d8675b4b15b4f30ad01f1390b99f640f"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-532",
"trust": 1.0
},
{
"problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/166743/siemens-a8000-cp-8050-cp-8031-sicam-web-missing-file-download-missing-authentication.html"
},
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/apr/20"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45034"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98508242/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011213"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022040064"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-02"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/532.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"date": "2022-01-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"date": "2023-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"date": "2022-01-11T12:15:10.143000",
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-02749"
},
{
"date": "2022-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45034"
},
{
"date": "2023-02-10T05:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-003194"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-868"
},
{
"date": "2024-11-21T06:31:50.140000",
"db": "NVD",
"id": "CVE-2021-45034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to information leakage from log files in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-868"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.