cnvd - cnvd-2023-75577

cnvd-2023-75577

Vulnerability from cnvd

Title

Siemens SICAM A8000设备CPCI85固件Web服务器路径遍历漏洞

Description

ICAM A8000 RTU（远程终端单元）系列是一个模块化设备系列，适用于能源供应各个领域的远程控制和自动化应用。 Siemens SICAM A8000设备CPCI85固件Web服务器存在路径遍历漏洞，攻击者可利用该漏洞遍历系统上的目录并下载任意文件。通过探查活动会话ID，将权限提升到管理员角色。

Severity

高

Patch Name

Siemens SICAM A8000设备CPCI85固件Web服务器路径遍历漏洞的补丁

Patch Description

ICAM A8000 RTU（远程终端单元）系列是一个模块化设备系列，适用于能源供应各个领域的远程控制和自动化应用。 Siemens SICAM A8000设备CPCI85固件Web服务器存在路径遍历漏洞，攻击者可利用该漏洞遍历系统上的目录并下载任意文件。通过探查活动会话ID，将权限提升到管理员角色。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-770890.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-770890.html

Impacted products

Name
['Siemens CP-8031 MASTER MODULE (6MF2803-1AA00) < CPCI85 V05.11', 'Siemens CP-8050 MASTER MODULE (6MF2805-0AA00) < CPCI85 V05.11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-42796"
    }
  },
  "description": "ICAM A8000 RTU\uff08\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff09\u7cfb\u5217\u662f\u4e00\u4e2a\u6a21\u5757\u5316\u8bbe\u5907\u7cfb\u5217\uff0c\u9002\u7528\u4e8e\u80fd\u6e90\u4f9b\u5e94\u5404\u4e2a\u9886\u57df\u7684\u8fdc\u7a0b\u63a7\u5236\u548c\u81ea\u52a8\u5316\u5e94\u7528\u3002\n\nSiemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6Web\u670d\u52a1\u5668\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u904d\u5386\u7cfb\u7edf\u4e0a\u7684\u76ee\u5f55\u5e76\u4e0b\u8f7d\u4efb\u610f\u6587\u4ef6\u3002\u901a\u8fc7\u63a2\u67e5\u6d3b\u52a8\u4f1a\u8bddID\uff0c\u5c06\u6743\u9650\u63d0\u5347\u5230\u7ba1\u7406\u5458\u89d2\u8272\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-770890.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-75577",
  "openTime": "2023-10-13",
  "patchDescription": "ICAM A8000 RTU\uff08\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff09\u7cfb\u5217\u662f\u4e00\u4e2a\u6a21\u5757\u5316\u8bbe\u5907\u7cfb\u5217\uff0c\u9002\u7528\u4e8e\u80fd\u6e90\u4f9b\u5e94\u5404\u4e2a\u9886\u57df\u7684\u8fdc\u7a0b\u63a7\u5236\u548c\u81ea\u52a8\u5316\u5e94\u7528\u3002\r\n\r\nSiemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6Web\u670d\u52a1\u5668\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u904d\u5386\u7cfb\u7edf\u4e0a\u7684\u76ee\u5f55\u5e76\u4e0b\u8f7d\u4efb\u610f\u6587\u4ef6\u3002\u901a\u8fc7\u63a2\u67e5\u6d3b\u52a8\u4f1a\u8bddID\uff0c\u5c06\u6743\u9650\u63d0\u5347\u5230\u7ba1\u7406\u5458\u89d2\u8272\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6Web\u670d\u52a1\u5668\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens CP-8031 MASTER MODULE (6MF2803-1AA00) \u003c CPCI85 V05.11",
      "Siemens CP-8050 MASTER MODULE (6MF2805-0AA00) \u003c CPCI85 V05.11"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-770890.html",
  "serverity": "\u9ad8",
  "submitTime": "2023-10-11",
  "title": "Siemens SICAM A8000\u8bbe\u5907CPCI85\u56fa\u4ef6Web\u670d\u52a1\u5668\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2023-42796 (GCVE-0-2023-42796)

Vulnerability from cvelistv5

Published

2023-10-10 10:21

Modified

2025-02-27 20:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.

References

URL

Tags

https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf

Impacted products

Vendor

Product

Version

Siemens

CP-8031 MASTER MODULE

Version: All versions < CPCI85 V05.11

Siemens

CP-8050 MASTER MODULE