cnvd - cnvd-2024-24522

cnvd-2024-24522

Vulnerability from cnvd

Title: Siemens SICAM产品命令注入漏洞

Description:

SICAM 8 Power automation platform是一种通用的、基于硬件和软件的一体化解决方案，适用于电源领域的所有应用。SICAM A8000 RTU（远程终端单元）系列是一个模块化设备系列，用于能源供应各个领域的遥控和自动化应用。SICAM EGS（增强型电网传感器）是配电网中本地变电站的网关。

Siemens SICAM产品存在命令注入漏洞，攻击者可利用该漏洞以root权限执行任意代码。

Severity: 高

Patch Name: Siemens SICAM产品命令注入漏洞的补丁

Patch Description:

Siemens SICAM产品存在命令注入漏洞，攻击者可利用该漏洞以root权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-871704.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-871704.html

Impacted products

Name
['Siemens CPCI85 Central Processing/Communication < V5.30', 'Siemens OPUPI0 AMQP/MQTT < V5.30']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-31485"
    }
  },
  "description": "SICAM 8 Power automation platform\u662f\u4e00\u79cd\u901a\u7528\u7684\u3001\u57fa\u4e8e\u786c\u4ef6\u548c\u8f6f\u4ef6\u7684\u4e00\u4f53\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u9002\u7528\u4e8e\u7535\u6e90\u9886\u57df\u7684\u6240\u6709\u5e94\u7528\u3002SICAM A8000 RTU\uff08\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff09\u7cfb\u5217\u662f\u4e00\u4e2a\u6a21\u5757\u5316\u8bbe\u5907\u7cfb\u5217\uff0c\u7528\u4e8e\u80fd\u6e90\u4f9b\u5e94\u5404\u4e2a\u9886\u57df\u7684\u9065\u63a7\u548c\u81ea\u52a8\u5316\u5e94\u7528\u3002SICAM EGS\uff08\u589e\u5f3a\u578b\u7535\u7f51\u4f20\u611f\u5668\uff09\u662f\u914d\u7535\u7f51\u4e2d\u672c\u5730\u53d8\u7535\u7ad9\u7684\u7f51\u5173\u3002\n\nSiemens SICAM\u4ea7\u54c1\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-871704.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-24522",
  "openTime": "2024-05-30",
  "patchDescription": "SICAM 8 Power automation platform\u662f\u4e00\u79cd\u901a\u7528\u7684\u3001\u57fa\u4e8e\u786c\u4ef6\u548c\u8f6f\u4ef6\u7684\u4e00\u4f53\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u9002\u7528\u4e8e\u7535\u6e90\u9886\u57df\u7684\u6240\u6709\u5e94\u7528\u3002SICAM A8000 RTU\uff08\u8fdc\u7a0b\u7ec8\u7aef\u5355\u5143\uff09\u7cfb\u5217\u662f\u4e00\u4e2a\u6a21\u5757\u5316\u8bbe\u5907\u7cfb\u5217\uff0c\u7528\u4e8e\u80fd\u6e90\u4f9b\u5e94\u5404\u4e2a\u9886\u57df\u7684\u9065\u63a7\u548c\u81ea\u52a8\u5316\u5e94\u7528\u3002SICAM EGS\uff08\u589e\u5f3a\u578b\u7535\u7f51\u4f20\u611f\u5668\uff09\u662f\u914d\u7535\u7f51\u4e2d\u672c\u5730\u53d8\u7535\u7ad9\u7684\u7f51\u5173\u3002\r\n\r\nSiemens SICAM\u4ea7\u54c1\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICAM\u4ea7\u54c1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens CPCI85 Central Processing/Communication \u003c V5.30",
      "Siemens OPUPI0 AMQP/MQTT \u003c V5.30"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-05-16",
  "title": "Siemens SICAM\u4ea7\u54c1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-31485 (GCVE-0-2024-31485)

Vulnerability from cvelistv5

Published

2024-05-14 10:02

Modified

2025-02-13 17:47

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/html/ssa-871704.html
	http://seclists.org/fulldisclosure/2024/Jul/4

Impacted products

Vendor

Product

Version

▼

Siemens

CPCI85 Central Processing/Communication

Version: 0 < V5.30

Siemens

SICORE Base system

Version: 0 < V1.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:siemens:sicore_base_system:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sicore_base_system",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V1.3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpci85_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V5.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31485",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T18:48:59.342484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T16:56:47.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:57.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "CPCI85 Central Processing/Communication",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SICORE Base system",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V5.30), SICORE Base system (All versions \u003c V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-04T06:06:06.143Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-31485",
    "datePublished": "2024-05-14T10:02:25.052Z",
    "dateReserved": "2024-04-04T11:43:06.066Z",
    "dateUpdated": "2025-02-13T17:47:58.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted