Vulnerability-Lookup

CVE-2021-45034 (GCVE-0-2021-45034)

Vulnerability from cvelistv5 – Published: 2022-01-11 11:27 – Updated: 2024-08-04 04:32

Summary

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

siemens

References

URL

GSD-2021-45034

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-45034

Aliases

CVE-2021-45034

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-45034",
    "description": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.",
    "id": "GSD-2021-45034",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-45034"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-45034"
      ],
      "details": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.",
      "id": "GSD-2021-45034",
      "modified": "2023-12-13T01:23:19.727519Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2021-45034",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V16.20"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V16.20"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CP-8021 MASTER MODULE",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V16.20"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CP-8022 MASTER MODULE WITH GPRS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V16.20"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
          },
          {
            "name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Apr/20"
          },
          {
            "name": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp-8000_master_module_with_i\\/o_-25\\/\\+70_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp-8000_master_module_with_i\\/o_-25\\/\\+70:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp-8000_master_module_with_i\\/o_-40\\/\\+70_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp-8000_master_module_with_i\\/o_-40\\/\\+70:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp-8021_master_module_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp-8021_master_module:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp-8022_master_module_with_gprs_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "16.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp-8022_master_module_with_gprs:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-45034"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
            },
            {
              "name": "20220414 SEC Consult SA-20220413 :: Missing Authentication at File Download \u0026 Denial of Service in Siemens A8000 PLC",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Apr/20"
            },
            {
              "name": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-01T16:21Z",
      "publishedDate": "2022-01-11T12:15Z"
    }
  }
}

GHSA-CCPQ-49JG-PFWR

Vulnerability from github – Published: 2022-01-12 00:01 – Updated: 2022-04-16 00:01

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-45034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-11T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.",
  "id": "GHSA-ccpq-49jg-pfwr",
  "modified": "2022-04-16T00:01:44Z",
  "published": "2022-01-12T00:01:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45034"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Apr/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2022-AVI-018

Vulnerability from certfr_avis - Published: 2022-01-11 - Updated: 2022-01-11

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	CP-8022 MASTER MODULE, versions antérieures à 16.20
Siemens	N/A	PLUSCONTROL première génération, toutes les versions, se référer au bulletin de sécurité de l'éditeur afin d'appliquer les mesures de contournement
Siemens	N/A	CP-8021 MASTER MODULE, versions antérieures à 16.20
Siemens	N/A	SIPROTEC 5 depuis la gamme 6MD85 jusqu'à la gamme 7VK87, vérifier l'avis ssa-439673 pour identifier plus précisément les gammes vulnérables, versions antérieures à 8.83
Siemens	N/A	SIPROTEC 5 Compact 7SX800, versions antérieures à 8.83
Siemens	N/A	CP-8000 MASTER MODULE -40 à +70°C, versions antérieures à 16.20
Siemens	N/A	SICAM PQ Analyzer, versions antérieures à 3.18
Siemens	N/A	COMOS Web, versions antérieures à 10.4.1
Siemens	N/A	CP-8000 MASTER -25 à +70°C, versions antérieures à 16.20

References

Title

Publication Time

FKIE_CVE-2021-45034

Vulnerability from fkie_nvd - Published: 2022-01-11 12:15 - Updated: 2024-11-21 06:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
productcert@siemens.com	http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html	Exploit, Third Party Advisory, VDB Entry
productcert@siemens.com	http://seclists.org/fulldisclosure/2022/Apr/20	Exploit, Mailing List, Third Party Advisory
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Apr/20	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	cp-8000_master_module_with_i\/o_-25\/\+70_firmware	*
siemens	cp-8000_master_module_with_i\/o_-25\/\+70	*
siemens	cp-8000_master_module_with_i\/o_-40\/\+70_firmware	*
siemens	cp-8000_master_module_with_i\/o_-40\/\+70	*
siemens	cp-8021_master_module_firmware	*
siemens	cp-8021_master_module	*
siemens	cp-8022_master_module_with_gprs_firmware	*
siemens	cp-8022_master_module_with_gprs	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:cp-8000_master_module_with_i\\/o_-25\\/\\+70_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5EE859-1395-4644-A272-3CA2823E2D26",
              "versionEndExcluding": "16.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:cp-8000_master_module_with_i\\/o_-25\\/\\+70:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9836DAE0-946B-4B65-98DF-2B82F7F3AF94",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:cp-8000_master_module_with_i\\/o_-40\\/\\+70_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9D8EE5-3D2C-420C-9969-0910C6FB8342",
              "versionEndExcluding": "16.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:cp-8000_master_module_with_i\\/o_-40\\/\\+70:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6D94AE-9F7E-46F0-92F6-C651E0EE580B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:cp-8021_master_module_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B97277D-0D30-4914-BA1E-1E5B07153A52",
              "versionEndExcluding": "16.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:cp-8021_master_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8820652-44D8-43EF-8865-BE8E7967829E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:cp-8022_master_module_with_gprs_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA73D9E-CFAD-4DAF-9E34-51DBD2AF6FD6",
              "versionEndExcluding": "16.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:cp-8022_master_module_with_gprs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6815071-0D49-4288-8128-B9A980ECB64C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions \u003c V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions \u003c V16.20), CP-8021 MASTER MODULE (All versions \u003c V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions \u003c V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en el M\u00d3DULO MASTER CP-8000 CON E/S -25/+70\u00b0C (Todas las versiones anteriores a V16.20), M\u00d3DULO MASTER CP-8000 CON E/S -40/+70\u00b0C (Todas las versiones anteriores a V16.20), M\u00d3DULO MASTER CP-8021 (Todas las versiones anteriores a V16.20), M\u00d3DULO MASTER CP-8022 CON GPRS (Todas las versiones anteriores a V16.20). El servidor web del sistema afectado permite el acceso a los archivos de registro y datos de diagn\u00f3stico generados por un usuario privilegiado. Un atacante no autenticado podr\u00eda acceder a los archivos conociendo los enlaces de descarga correspondientes"
    }
  ],
  "id": "CVE-2021-45034",
  "lastModified": "2024-11-21T06:31:50.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-11T12:15:10.143",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Apr/20"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Apr/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2022-02749

Vulnerability from cnvd - Published: 2022-01-12

Title

Siemens SICAM A8000访问控制错误漏洞

Description

SICAM A8000是用于远程控制和能源供应的所有领域的自动化应用。 Siemens SICAM A8000存在访问控制错误漏洞，攻击者可利用该漏洞访问某些以前创建的日志文件。

Severity

中

Patch Name

Siemens SICAM A8000访问控制错误漏洞的补丁

Patch Description

SICAM A8000是用于远程控制和能源供应的所有领域的自动化应用。 Siemens SICAM A8000存在访问控制错误漏洞，攻击者可利用该漏洞访问某些以前创建的日志文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.industry.siemens.com/cs/ww/en/view/109805670

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf

Impacted products

Name
['SIEMENS SICAM A8000 CP-8000 <16.20', 'SIEMENS SICAM A8000 CP-8021 <16.20', 'SIEMENS SICAM A8000 CP-8022 <16.20']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-45034"
    }
  },
  "description": "SICAM A8000\u662f\u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u548c\u80fd\u6e90\u4f9b\u5e94\u7684\u6240\u6709\u9886\u57df\u7684\u81ea\u52a8\u5316\u5e94\u7528\u3002\n\nSiemens SICAM A8000\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u67d0\u4e9b\u4ee5\u524d\u521b\u5efa\u7684\u65e5\u5fd7\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109805670",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-02749",
  "openTime": "2022-01-12",
  "patchDescription": "SICAM A8000\u662f\u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u548c\u80fd\u6e90\u4f9b\u5e94\u7684\u6240\u6709\u9886\u57df\u7684\u81ea\u52a8\u5316\u5e94\u7528\u3002\r\n\r\nSiemens SICAM A8000\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u67d0\u4e9b\u4ee5\u524d\u521b\u5efa\u7684\u65e5\u5fd7\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICAM A8000\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SICAM A8000 CP-8000 \u003c16.20",
      "SIEMENS SICAM A8000 CP-8021 \u003c16.20",
      "SIEMENS SICAM A8000 CP-8022 \u003c16.20"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-12",
  "title": "Siemens SICAM A8000\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-45034 (GCVE-0-2021-45034)

GSD-2021-45034

GHSA-CCPQ-49JG-PFWR

CERTFR-2022-AVI-018

Solution

FKIE_CVE-2021-45034

CNVD-2022-02749

Tags

Sightings

Nomenclature