VDB
CISA-2024-31485
CISA-2024-31485
PUBLISHED
CVSS 7.2 HIGH
Reported by siemens · Published May 14, 2024
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Risk Scores
CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | CPCI85 Central Processing/Communication | 0 |
| Siemens | SICORE Base system | 0 |
| siemens | sicore_base_system | 0, 0 |
| Siemens | CPCI85 Central Processing/Communication | 0, 0 |
| siemens | cpci85_firmware | 0, 0 |
| Siemens | SICORE Base system | 0, 0 |
Timeline
- May 14, 2024 CVE Published
- Jul 24, 2024 CVE Updated