All the vulnerabilities related to Siemens - SICORE Base system
cve-2024-39601
Vulnerability from cvelistv5
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
| Vendor | Product | Version |
|---|---|---|
| Siemens | CPCI85 Central Processing/Communication | Version: 0 < V5.40 |
| Siemens | SICORE Base system | Version: 0 < V1.4.0 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39601", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T13:22:20.845382Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T13:22:30.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "CPCI85 Central Processing/Communication", "vendor": "Siemens", "versions": [ { "lessThan": "V5.40", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SICORE Base system", "vendor": "Siemens", "versions": [ { "lessThan": "V1.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.40), SICORE Base system (All versions \u003c V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T13:54:50.768Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39601", "datePublished": "2024-07-22T13:54:50.768Z", "dateReserved": "2024-06-26T13:43:16.586Z", "dateUpdated": "2024-08-02T04:26:15.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31485
Vulnerability from cvelistv5
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
| Vendor | Product | Version |
|---|---|---|
| Siemens | CPCI85 Central Processing/Communication | Version: 0 < V5.30 |
| Siemens | SICORE Base system | Version: 0 < V1.3.0 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:siemens:sicore_base_system:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sicore_base_system", "vendor": "siemens", "versions": [ { "lessThan": "V1.3.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpci85_firmware", "vendor": "siemens", "versions": [ { "lessThan": "V5.30", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31485", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T18:48:59.342484Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T16:56:47.966Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:52:57.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "CPCI85 Central Processing/Communication", "vendor": "Siemens", "versions": [ { "lessThan": "V5.30", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SICORE Base system", "vendor": "Siemens", "versions": [ { "lessThan": "V1.3.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.30), SICORE Base 
system (All versions \u003c V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-14T10:02:25.052Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/4" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-31485", "datePublished": "2024-05-14T10:02:25.052Z", "dateReserved": "2024-04-04T11:43:06.066Z", "dateUpdated": "2024-08-02T01:52:57.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37998
Vulnerability from cvelistv5
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
| Vendor | Product | Version |
|---|---|---|
| Siemens | CPCI85 Central Processing/Communication | Version: 0 < V5.40 |
| Siemens | SICORE Base system | Version: 0 < V1.4.0 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpci85_firmware", "vendor": "siemens", "versions": [ { "lessThan": "5.40", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:sicore_base_system:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sicore_base_system", "vendor": "siemens", "versions": [ { "lessThan": "1.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37998", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T16:50:47.506327Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T16:56:51.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "CPCI85 Central Processing/Communication", "vendor": "Siemens", "versions": [ { "lessThan": "V5.40", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SICORE Base system", "vendor": "Siemens", "versions": [ { "lessThan": "V1.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.40), SICORE Base system (All versions \u003c V1.4.0). 
The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-620", "description": "CWE-620: Unverified Password Change", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T13:54:49.501Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37998", "datePublished": "2024-07-22T13:54:49.501Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-08-02T04:04:24.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202407-0705
Vulnerability from variot
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without knowledge of the current password if auto login is enabled. This could allow an unauthorized attacker to obtain administrative access to the affected applications. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is a gateway for local substations in distribution networks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202407-0705", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cpci85 central processing/communication", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "5.40" }, { "model": "sicore base system", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "1.4.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" } ] }, "cve": "CVE-2024-37998", "cvss": { "@context": { 
"cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2024-33449", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2024-37998", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2024-37998", "trust": 1.0, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2024-33449", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" }, { "db": "NVD", "id": "CVE-2024-37998" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.40), SICORE Base system (All versions \u003c V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is a gateway for local substations in distribution networks", "sources": [ { "db": "NVD", "id": "CVE-2024-37998" }, { "db": "CNVD", "id": "CNVD-2024-33449" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-071402", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2024-37998", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2024-33449", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" }, { "db": "NVD", "id": "CVE-2024-37998" } ] }, "id": "VAR-202407-0705", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ 
"ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" } ] }, "last_update_date": "2024-08-14T14:42:34.139000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Unauthenticated password reset vulnerability in multiple SICAM products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/573551" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-620", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2024-37998" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" }, { "db": "NVD", "id": "CVE-2024-37998" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-33449" }, { "db": "NVD", "id": "CVE-2024-37998" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-07-23T00:00:00", "db": "CNVD", "id": "CNVD-2024-33449" }, { "date": "2024-07-22T14:15:05.453000", "db": "NVD", "id": "CVE-2024-37998" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { 
"@container": "@list" } }, "data": [ { "date": "2024-07-23T00:00:00", "db": "CNVD", "id": "CNVD-2024-33449" }, { "date": "2024-07-24T12:55:13.223000", "db": "NVD", "id": "CVE-2024-37998" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unauthenticated password reset vulnerability in multiple SICAM products", "sources": [ { "db": "CNVD", "id": "CNVD-2024-33449" } ], "trust": 0.6 } }
var-202407-0704
Vulnerability from variot
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is the gateway for local substations in distribution networks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202407-0704", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cpci85 central processing/communication", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "5.40" }, { "model": "sicore base system", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "1.4.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" } ] }, "cve": "CVE-2024-39601", "cvss": { "@context": { 
"cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2024-33448", "impactScore": 6.9, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2024-39601", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2024-39601", "trust": 1.0, "value": "High" }, { "author": "CNVD", "id": "CNVD-2024-33448", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" }, { "db": "NVD", "id": "CVE-2024-39601" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.40), SICORE Base system (All versions \u003c V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is the gateway for local substations in distribution networks", "sources": [ { "db": "NVD", "id": "CVE-2024-39601" }, { "db": "CNVD", "id": "CNVD-2024-33448" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-39601", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-071402", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2024-33448", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" }, { "db": "NVD", "id": "CVE-2024-39601" } ] }, "id": "VAR-202407-0704", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 
0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" } ] }, "last_update_date": "2024-08-14T14:42:34.156000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Multiple SICAM products lack authentication vulnerabilities for key functions", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/573546" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2024-39601" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" }, { "db": "NVD", "id": "CVE-2024-39601" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-33448" }, { "db": "NVD", "id": "CVE-2024-39601" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-07-23T00:00:00", "db": "CNVD", "id": "CNVD-2024-33448" }, { "date": "2024-07-22T14:15:06.107000", "db": "NVD", "id": "CVE-2024-39601" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": 
[ { "date": "2024-07-23T00:00:00", "db": "CNVD", "id": "CNVD-2024-33448" }, { "date": "2024-07-24T12:55:13.223000", "db": "NVD", "id": "CVE-2024-39601" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple SICAM products lack authentication vulnerabilities for key functions", "sources": [ { "db": "CNVD", "id": "CNVD-2024-33448" } ], "trust": 0.6 } }