Lucene search

[email protected]NVD:CVE-2023-42796

HistoryOct 10, 2023 - 11:15 a.m.

CVE-2023-42796

2023-10-1011:15:12

CWE-22

[email protected]

web.nvd.nist.gov

vulnerability

cp-8031

cp-8051

directory traversal

privilege escalation

web server

user input

authenticated remote attacker

session ids

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint.

This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.

Affected configurations

Nvd

Node

siemenscp-8050_firmwareRange<05.11cpci85

AND

siemenscp-8050Match-

Node

siemenscp-8031_firmwareRange<05.11cpci85

AND

siemenscp-8031Match-

VendorProductVersionCPE
siemenscp-8050_firmware*cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*
siemenscp-8050-cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*
siemenscp-8031_firmware*cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*
siemenscp-8031-cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	cp-8050_firmware	*	cpe:2.3:o:siemens:cp-8050_firmware:::::cpci85:::*
siemens	cp-8050	-	cpe:2.3:h:siemens:cp-8050:-:::::::*
siemens	cp-8031_firmware	*	cpe:2.3:o:siemens:cp-8031_firmware:::::cpci85:::*
siemens	cp-8031	-	cpe:2.3:h:siemens:cp-8031:-:::::::*