CVE-2021-45034

11.01.2022, 12:15

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Vendor	Product	Version
siemens	cp-8000_master_module_with_i\/o_-25\/\+70_firmware	𝑥 < 16.20
siemens	cp-8000_master_module_with_i\/o_-40\/\+70_firmware	𝑥 < 16.20
siemens	cp-8021_master_module_firmware	𝑥 < 16.20
siemens	cp-8022_master_module_with_gprs_firmware	𝑥 < 16.20

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html

http://seclists.org/fulldisclosure/2022/Apr/20

https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf

http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html

http://seclists.org/fulldisclosure/2022/Apr/20

https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf