CVE-2023-28489 Vulnerability Details

  /     /     /  

CVE-2023-28489 Metadata Quick Info

CVE Published: 11/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: siemens | Vendor: Siemens | Product: CP-8031 MASTER MODULE
Status : PUBLISHED

---

CVE-2023-28489 Description

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-77
CWE Name: CWE-77: Improper Neutralization of Special Elements used in a Command ( Command Injection )
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).