VDB

CISA-2024-31485

CISA-2024-31485 PUBLISHED CVSS 7.2 HIGH

Reported by siemens · Published May 14, 2024

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SiemensCPCI85 Central Processing/Communication0
SiemensSICORE Base system0
siemenssicore_base_system0, 0
SiemensCPCI85 Central Processing/Communication0, 0
siemenscpci85_firmware0, 0
SiemensSICORE Base system0, 0

Timeline

  • May 14, 2024 CVE Published
  • Jul 24, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›