Main Vulnerability Database Vulnerabilities #VU75030

Command Injection in SICAM A8000 CP-8031 and SICAM A8000 CP-8050 - CVE-2023-28489

Published: April 12, 2023

Vulnerability identifier: #VU75030

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-28489

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SICAM A8000 CP-8031
SICAM A8000 CP-8050

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdf

Command Injection in SICAM A8000 CP-8031 and SICAM A8000 CP-8050 - CVE-2023-28489

Description

Remediation

External links

Please verify you're human