SSA-324998 — Vulnetix

SSA-324998 PUBLISHED CVSS 9.899999618530273 CRITICAL

SICAM A8000 devices are impacted by two vulnerabilities. The first one could allow a privileged user to enable a debug port with default credentials. The second vulnerability could allow unauthenticated access to certain previously created log files. Siemens has released updates for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS 3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	CP-8022 MASTER MODULE WITH GPRS (6MF2802-2AA00)
	CP-8000 MASTER MODULE WITH I/O -25/+70°C (6MF2101-0AB10-0AA0)
	CP-8000 MASTER MODULE WITH I/O -40/+70°C (6MF2101-1AB10-0AA0)
	CP-8021 MASTER MODULE (6MF2802-1AA00)

Exploit Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-324998.txt (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-324998.json (circl)
https://support.industry.siemens.com/cs/ww/en/view/109805670 (circl)

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-324998.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-324998.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109805670 fix

Open in Interactive Console →