Command Injection Vulnerability in Siemens CP-8031 and CP-8050 Master Modules
CVE-2023-28489

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Cp-8031 Master Module; Cp-8050 Master Module
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-28489?

A vulnerability exists in the Siemens CP-8031 and CP-8050 Master Modules that exposes the devices to command injection risks through the web server on port 443/tcp. If the 'Remote Operation' parameter is enabled, an unauthenticated remote attacker can exploit this issue to execute arbitrary code on the affected modules. Though this parameter is disabled by default, organizations should ensure that their systems are properly configured and monitored to mitigate potential risks.

Affected Version(s)

CP-8031 MASTER MODULE All versions < CPCI85 V05

CP-8050 MASTER MODULE All versions < CPCI85 V05

References

https://cert-portal.siemens.com/productcert/pdf/ssa-47245...

http://seclists.org/fulldisclosure/2023/Jul/14

http://packetstormsecurity.com/files/173370/Siemens-A8000...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 16, 2023