Vulnerability-Lookup

CVE-2023-36380 (GCVE-0-2023-36380)

Vulnerability from cvelistv5 – Published: 2023-10-10 10:21 – Updated: 2025-02-27 20:46

Summary

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

CWE-798 - Use of Hard-coded Credentials

Assigner

siemens

References

URL

GHSA-MMPJ-F59M-VXP4

Vulnerability from github – Published: 2023-10-10 12:32 – Updated: 2024-04-04 08:27

Details

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH authorized_keys configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-36380"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T11:15:11Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.",
  "id": "GHSA-mmpj-f59m-vxp4",
  "modified": "2024-04-04T08:27:50Z",
  "published": "2023-10-10T12:32:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36380"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-36380

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-36380

Aliases

CVE-2023-36380

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-36380",
    "id": "GSD-2023-36380"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-36380"
      ],
      "details": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.",
      "id": "GSD-2023-36380",
      "modified": "2023-12-13T01:20:34.307232Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2023-36380",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CP-8031 MASTER MODULE",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c CPCI85 V05.11 (only with activated debug support)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CP-8050 MASTER MODULE",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c CPCI85 V05.11 (only with activated debug support)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-798",
                "lang": "eng",
                "value": "CWE-798: Use of Hard-coded Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "05.11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "05.11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2023-36380"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-10-17T14:23Z",
      "publishedDate": "2023-10-10T11:15Z"
    }
  }
}

CNVD-2023-75592

Vulnerability from cnvd - Published: 2023-10-12

Title

Siemens SICAM A8000设备CPCI85固件硬编码凭据漏洞

Description

SICAM A8000 RTU（远程终端单元）系列是一个模块化设备系列，适用于能源供应各个领域的远程控制和自动化应用。 Siemens SICAM A8000设备CPCI85固件存在硬编码凭据漏洞，攻击者可利用该漏洞通过SSH登录到设备。只有具有已激活调试支持的设备才会受到影响。

Severity

高

Patch Name

Siemens SICAM A8000设备CPCI85固件硬编码凭据漏洞的补丁

Patch Description

SICAM A8000 RTU（远程终端单元）系列是一个模块化设备系列，适用于能源供应各个领域的远程控制和自动化应用。 Siemens SICAM A8000设备CPCI85固件存在硬编码凭据漏洞，攻击者可利用该漏洞通过SSH登录到设备。只有具有已激活调试支持的设备才会受到影响。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-134651.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-134651.html

Impacted products

Name
['Siemens CP-8031 MASTER MODULE (6MF2803-1AA00) < CPCI85 V05.11 (only with activated debug support)', 'Siemens CP-8050 MASTER MODULE (6MF2805-0AA00) < CPCI85 V05.11 (only with activated debug support)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-36380"
    }
  },
  "description": "SICAM A8000 RTU\uff08\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff09\u7cfb\u5217\u662f\u4e00\u4e2a\u6a21\u5757\u5316\u8bbe\u5907\u7cfb\u5217\uff0c\u9002\u7528\u4e8e\u80fd\u6e90\u4f9b\u5e94\u5404\u4e2a\u9886\u57df\u7684\u8fdc\u7a0b\u63a7\u5236\u548c\u81ea\u52a8\u5316\u5e94\u7528\u3002\n\nSiemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6\u5b58\u5728\u786c\u7f16\u7801\u51ed\u636e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7SSH\u767b\u5f55\u5230\u8bbe\u5907\u3002\u53ea\u6709\u5177\u6709\u5df2\u6fc0\u6d3b\u8c03\u8bd5\u652f\u6301\u7684\u8bbe\u5907\u624d\u4f1a\u53d7\u5230\u5f71\u54cd\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-134651.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-75592",
  "openTime": "2023-10-12",
  "patchDescription": "SICAM A8000 RTU\uff08\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff09\u7cfb\u5217\u662f\u4e00\u4e2a\u6a21\u5757\u5316\u8bbe\u5907\u7cfb\u5217\uff0c\u9002\u7528\u4e8e\u80fd\u6e90\u4f9b\u5e94\u5404\u4e2a\u9886\u57df\u7684\u8fdc\u7a0b\u63a7\u5236\u548c\u81ea\u52a8\u5316\u5e94\u7528\u3002\r\n\r\nSiemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6\u5b58\u5728\u786c\u7f16\u7801\u51ed\u636e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7SSH\u767b\u5f55\u5230\u8bbe\u5907\u3002\u53ea\u6709\u5177\u6709\u5df2\u6fc0\u6d3b\u8c03\u8bd5\u652f\u6301\u7684\u8bbe\u5907\u624d\u4f1a\u53d7\u5230\u5f71\u54cd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6\u786c\u7f16\u7801\u51ed\u636e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens CP-8031 MASTER MODULE (6MF2803-1AA00) \u003c CPCI85 V05.11 (only with activated debug support)",
      "Siemens CP-8050 MASTER MODULE (6MF2805-0AA00) \u003c CPCI85 V05.11 (only with activated debug support)"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-134651.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-10-12",
  "title": "Siemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6\u786c\u7f16\u7801\u51ed\u636e\u6f0f\u6d1e"
}

CERTFR-2023-AVI-0819

Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINEC NMS versions antérieures à V2.0
Siemens	N/A	SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) versions antérieures à V8.10.0.6
Siemens	N/A	Simcenter Amesim versions antérieures à V2021.1
Siemens	N/A	Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.3
Siemens	N/A	Mendix Forgot Password (Mendix 10 compatible) versions antérieures à V5.4.0
Siemens	N/A	SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) versions antérieures à V8.10.0.6
Siemens	N/A	Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0009
Siemens	N/A	Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.4.0
Siemens	N/A	Parasolid V35.1 versions antérieures à V35.1.250
Siemens	N/A	SIMATIC WinCC OA V3.19 versions antérieures à V3.19 P005
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05.11
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05.11 (uniquement avec le support debug activé)
Siemens	N/A	Parasolid V36.0 versions antérieures à V36.0.169
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P029
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05.11
Siemens	N/A	Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.3
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05.11 (uniquement avec le support debug activé)
Siemens	N/A	SICAM PAS/PQS versions supérieures ou égales à V8.00 versions antérieures à V8.22
Siemens	N/A	SIMATIC WinCC OA V3.18 versions antérieures à V3.18 P019
Siemens	N/A	Parasolid V35.0 versions antérieures à V35.0.262
Siemens	N/A	Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0003
Siemens	N/A	SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) versions antérieures à V8.10.0.6
Siemens	N/A	Xpedition Layout Browser versions antérieures à VX.2.14

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-160243 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-386812 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-843070 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-829656 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-647455 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-295483 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-711309 du 12 septembre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-524778 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-784849 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-134651 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-770890 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-035466 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Siemens SSA-594373 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) versions ant\u00e9rieures \u00e0 V8.10.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Amesim versions ant\u00e9rieures \u00e0 V2021.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 10 compatible) versions ant\u00e9rieures \u00e0 V5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) versions ant\u00e9rieures \u00e0 V8.10.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0009",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.250",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.19 versions ant\u00e9rieures \u00e0 V3.19 P005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11 (uniquement avec le support debug activ\u00e9)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V36.0 versions ant\u00e9rieures \u00e0 V36.0.169",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P029",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05.11 (uniquement avec le support debug activ\u00e9)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.00 versions ant\u00e9rieures \u00e0 V8.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.18 versions ant\u00e9rieures \u00e0 V3.18 P019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.262",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) versions ant\u00e9rieures \u00e0 V8.10.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Xpedition Layout Browser versions ant\u00e9rieures \u00e0 VX.2.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-44081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44081"
    },
    {
      "name": "CVE-2023-22788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22788"
    },
    {
      "name": "CVE-2023-30900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30900"
    },
    {
      "name": "CVE-2023-22783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22783"
    },
    {
      "name": "CVE-2022-30527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30527"
    },
    {
      "name": "CVE-2023-44083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44083"
    },
    {
      "name": "CVE-2023-22785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22785"
    },
    {
      "name": "CVE-2023-45204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45204"
    },
    {
      "name": "CVE-2023-44315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44315"
    },
    {
      "name": "CVE-2023-44086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44086"
    },
    {
      "name": "CVE-2023-45205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45205"
    },
    {
      "name": "CVE-2023-44082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44082"
    },
    {
      "name": "CVE-2023-44084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44084"
    },
    {
      "name": "CVE-2023-37195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37195"
    },
    {
      "name": "CVE-2023-35796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35796"
    },
    {
      "name": "CVE-2023-44085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44085"
    },
    {
      "name": "CVE-2023-22784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22784"
    },
    {
      "name": "CVE-2023-23903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23903"
    },
    {
      "name": "CVE-2023-22378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22378"
    },
    {
      "name": "CVE-2023-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22781"
    },
    {
      "name": "CVE-2023-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22789"
    },
    {
      "name": "CVE-2023-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22790"
    },
    {
      "name": "CVE-2023-22843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22843"
    },
    {
      "name": "CVE-2023-24471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24471"
    },
    {
      "name": "CVE-2023-38640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38640"
    },
    {
      "name": "CVE-2023-24477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24477"
    },
    {
      "name": "CVE-2023-22787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22787"
    },
    {
      "name": "CVE-2023-36380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36380"
    },
    {
      "name": "CVE-2023-42796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42796"
    },
    {
      "name": "CVE-2023-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22791"
    },
    {
      "name": "CVE-2023-43625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43625"
    },
    {
      "name": "CVE-2023-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22780"
    },
    {
      "name": "CVE-2023-22786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22786"
    },
    {
      "name": "CVE-2023-43623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43623"
    },
    {
      "name": "CVE-2023-24015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24015"
    },
    {
      "name": "CVE-2023-23574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23574"
    },
    {
      "name": "CVE-2023-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22779"
    },
    {
      "name": "CVE-2023-44087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44087"
    },
    {
      "name": "CVE-2023-37194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37194"
    },
    {
      "name": "CVE-2023-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22782"
    },
    {
      "name": "CVE-2023-45601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45601"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0819",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-160243 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-035466.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-386812 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-386812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-843070 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-843070.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-829656 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-594373.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-647455 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-134651.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-295483 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-647455.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-711309 du 12 septembre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-711309.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-524778 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-784849 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-295483.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-134651 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-524778.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770890 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-829656.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-035466 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-770890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-594373 du 10 octobre 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-784849.html"
    }
  ]
}

FKIE_CVE-2023-36380

Vulnerability from fkie_nvd - Published: 2023-10-10 11:15 - Updated: 2024-11-21 08:09

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	cp-8050_firmware	*
siemens	cp-8050	-
siemens	cp-8031_firmware	*
siemens	cp-8031	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*",
              "matchCriteriaId": "5DDCBDDD-3936-462A-A93A-696AAEBB4EBA",
              "versionEndExcluding": "05.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "929EF3DE-C8E6-49DA-98C0-13AB4C966AA7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*",
              "matchCriteriaId": "36A1AC2A-A6D1-4C2F-9439-FA093EB6B44D",
              "versionEndExcluding": "05.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24F9EDC-DA14-477D-B9C1-C9BF56E9B057",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions \u003c CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en: \nCP-8031 MASTER MODULE (Todas las versiones \u0026lt; CPCI85 V05.11 (solo con soporte de depuraci\u00f3n activado)), \nCP-8050 MASTER MODULE (Todas las versiones \u0026lt; CPCI85 V05.11 (solo con soporte de depuraci\u00f3n activado)). \nLos dispositivos afectados contienen una identificaci\u00f3n codificada en el archivo de configuraci\u00f3n SSH `authorized_keys`. Un atacante con conocimiento de la clave privada correspondiente podr\u00eda iniciar sesi\u00f3n en el dispositivo a trav\u00e9s de SSH. S\u00f3lo se ven afectados los dispositivos con soporte de depuraci\u00f3n activado."
    }
  ],
  "id": "CVE-2023-36380",
  "lastModified": "2024-11-21T08:09:38.097",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-10T11:15:11.817",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-36380 (GCVE-0-2023-36380)

GHSA-MMPJ-F59M-VXP4

GSD-2023-36380

CNVD-2023-75592

CERTFR-2023-AVI-0819

Solution

FKIE_CVE-2023-36380

Tags

Sightings

Nomenclature