Sign-up

ID

VAR-202401-0853


CVE

CVE-2023-42797


DESCRIPTION

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.

Trust: 1.0

sources: NVD: CVE-2023-42797

AFFECTED PRODUCTS

vendor:siemensmodel:sicam a8000 cp-8031scope:ltversion:05.20

Trust: 1.0

vendor:siemensmodel:sicam a8000 cp-8050scope:ltversion:05.20

Trust: 1.0

sources: NVD: CVE-2023-42797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-42797
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-42797
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-42797
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2023-42797
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-42797 // NVD: CVE-2023-42797

PROBLEMTYPE DATA

problemtype:CWE-908

Trust: 1.0

sources: NVD: CVE-2023-42797

EXTERNAL IDS

db:SIEMENSid:SSA-583634

Trust: 1.0

db:NVDid:CVE-2023-42797

Trust: 1.0

sources: NVD: CVE-2023-42797

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf

Trust: 1.0

sources: NVD: CVE-2023-42797

SOURCES

db:NVDid:CVE-2023-42797

LAST UPDATE DATE

2024-08-14T15:41:25.669000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-42797date:2024-01-16T15:29:43.977

SOURCES RELEASE DATE

db:NVDid:CVE-2023-42797date:2024-01-09T10:15:15.320