ID

VAR-202412-0457


CVE

CVE-2024-53832


TITLE

Siemens SICAM A8000 CP-8031 and CP-8050 Firmware Decryption Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-47915

DESCRIPTION

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. SICAM A8000 RTU (Remote Terminal Unit) is a modular device for remote control and automation applications in all energy supply sectors.

Trust: 1.44

sources: NVD: CVE-2024-53832 // CNVD: CNVD-2024-47915

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-47915

AFFECTED PRODUCTS

vendor: siemens
model: cpci85 central processing/communication
scope: lt
version: v05.30

Trust: 0.6

sources: CNVD: CNVD-2024-47915

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-53832
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-47915
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-47915
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-53832
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-47915 // NVD: CVE-2024-53832

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

sources: NVD: CVE-2024-53832

PATCH

title: Patch for Siemens SICAM A8000 CP-8031 and CP-8050 Firmware Decryption Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/639411

Trust: 0.6

sources: CNVD: CNVD-2024-47915

EXTERNAL IDS

db: SIEMENS, id: SSA-128393

Trust: 1.6

db: NVD, id: CVE-2024-53832

Trust: 1.6

db: CNVD, id: CNVD-2024-47915

Trust: 0.6

sources: CNVD: CNVD-2024-47915 // NVD: CVE-2024-53832

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-128393.html

Trust: 1.6

sources: CNVD: CNVD-2024-47915 // NVD: CVE-2024-53832

SOURCES

db: CNVD, id: CNVD-2024-47915
db: NVD, id: CVE-2024-53832

LAST UPDATE DATE

2024-12-15T23:07:35.494000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-47915, date: 2024-12-12T00:00:00
db: NVD, id: CVE-2024-53832, date: 2024-12-10T14:30:46.853

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-47915, date: 2024-12-12T00:00:00
db: NVD, id: CVE-2024-53832, date: 2024-12-10T14:30:46.853