VDB

CVE-2018-13798

CVE-2018-13798 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

EPSS 0.65% · 71.2th percentile

Risk Scores

CVSS v2.0
7.800000190734863
EPSS Score
0.65%
71.2th percentile

Affected Products

VendorProductVersions
siemenssicam_a8000_cp-8000_firmware0
siemenssicam_a8000_cp-8050_firmware0
Siemens AGSICAM A8000 CP-8000, SICAM A8000 CP-802X, SICAM A8000 CP-8050SICAM A8000 CP-8000 : All versions < V14
Siemens AGSICAM A8000 CP-8050*
siemenssicam_a8000_cp-802x_firmware0
Siemens AGSICAM A8000 CP-802XSICAM A8000 CP-802X : All versions < V14

Timeline

  • Jan 8, 2019 CVE Published
  • Jan 8, 2019 PoC Published
  • Jan 20, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 27, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Nov 5, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›