Vulnerabilities > CVE-2023-33921 - Unspecified vulnerability in Siemens Cpci85 Firmware

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

siemens

NVD

Published: 2023-06-13

Updated: 2023-07-11

Summary

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Cpci85 Firmware *	1
Hardware	Siemens Siemens CP 8050 Master Module - Siemens CP 8031 Master Module -	2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf
http://seclists.org/fulldisclosure/2023/Jul/14
http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html