Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-45034

Published: 11/01/2022 Updated: 01/07/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Siemens

Vulnerability Summary

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

siemens cp-8000_master_module_with_i\\/o_-25\\/\\+70_firmware

siemens cp-8000_master_module_with_i\\/o_-40\\/\\+70_firmware

siemens cp-8021_master_module_firmware

siemens cp-8022_master_module_with_gprs_firmware

ICS Advisories

Siemens SICAM A8000
Critical Infrastructure Sectors: Energy

Exploits

Exploit DB: Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
Siemens A8000 CP-8050/CP-8031 SICAM WEB suffers from denial of service and a missing authentication vulnerability that allows for file download ...

References

CWE-532https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdfhttp://seclists.org/fulldisclosure/2022/Apr/20http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.htmlhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-013-02
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook