high
7.8
CWE
20
Advisory Published
Updated

CVE-2018-13798: Input Validation

First published: Thu Mar 21 2019(Updated: )

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Sicam A8000<14
Siemens Sicam A8000
Siemens Sicam A8000 Cp-802x Firmware<14
Siemens Sicam A8000 Cp-802x Firmware
Siemens SICAM A8000 Device Firmware<2.00
Siemens Sicam A8000 Cp-8050 Firmware

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2018-13798?

    CVE-2018-13798 is a vulnerability in SICAM A8000 CP-8000, CP-802X, and CP-8050 that allows an unauthenticated remote attacker to cause a Denial-of-Service (DoS) attack.

  • Which software versions are affected by CVE-2018-13798?

    All versions of SICAM A8000 CP-8000 firmware prior to V14, SICAM A8000 CP-802X firmware prior to V14, and SICAM A8000 CP-8050 firmware prior to V2.00 are affected by CVE-2018-13798.

  • How does CVE-2018-13798 work?

    An unauthenticated remote attacker can send specially crafted network packets to port 80/TCP or 443/TCP, which can trigger the vulnerability and cause a Denial-of-Service (DoS) attack.

  • What is the severity of CVE-2018-13798?

    CVE-2018-13798 has a severity score of 7.5 (High).

  • Is there a fix or patch available for CVE-2018-13798?

    Siemens has released firmware updates to address the vulnerability. Please refer to the Siemens CERT advisory for more information on the available patches.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203