What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-36380.

What is the severity of CVE-2023-36380?

The severity of CVE-2023-36380 is critical with a CVSS score of 7.8.

Which devices are affected by CVE-2023-36380?

The CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 with activated debug support) and CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 with activated debug support) are affected.

What is the solution for CVE-2023-36380?

The solution for CVE-2023-36380 is to update to version CPCI85 V05.11 or higher.

Where can I find more information about CVE-2023-36380?

You can find more information about CVE-2023-36380 at https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf.

Vulnerability/
CVE-2023-36380

critical

9.8

CWE

798

10/10/2023

17/10/2023

CVE-2023-36380

Q: What is the solution for CVE-2023-36380?

The solution for CVE-2023-36380 is to update to version CPCI85 V05.11 or higher.

Q: Where can I find more information about CVE-2023-36380?

You can find more information about CVE-2023-36380 at https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf.

First published: Tue Oct 10 2023(Updated: )

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

Credit: productcert@siemens.com productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Cp-8050 Firmware	<05.11
Siemens Cp-8050
Siemens Cp-8031 Firmware	<05.11
Siemens Cp-8031

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-36380.
What is the severity of CVE-2023-36380?
The severity of CVE-2023-36380 is critical with a CVSS score of 7.8.
Which devices are affected by CVE-2023-36380?
The CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 with activated debug support) and CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 with activated debug support) are affected.
What is the solution for CVE-2023-36380?
The solution for CVE-2023-36380 is to update to version CPCI85 V05.11 or higher.
Where can I find more information about CVE-2023-36380?
You can find more information about CVE-2023-36380 at https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf.

collector/nvd-api
collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/event
agent/tags
agent/type
agent/author
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/remedy
vendor/siemens
canonical/siemens cp-8050 firmware
canonical/siemens cp-8050
canonical/siemens cp-8031 firmware
canonical/siemens cp-8031

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.