Vulnerabilities > CVE-2023-36380 - Unspecified vulnerability in Siemens Cp-8031 Firmware and Cp-8050 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

siemens

NVD

Published: 2023-10-10

Updated: 2024-11-21

Summary

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens CP 8050 Firmware * Siemens CP 8031 Firmware *	2
Hardware	Siemens Siemens CP 8050 - Siemens CP 8031 -	2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf