CVE-2018-13798

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:sicam_a8000_cp-8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000_cp-8000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:sicam_a8000_cp-802x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000_cp-802x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:sicam_a8000_cp-8050_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sicam_a8000_cp-8050:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:48

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf - Patch, Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf - Patch, Vendor Advisory

Information

Published : 2019-03-21 19:29

Updated : 2024-11-21 03:48


NVD link : CVE-2018-13798

Mitre link : CVE-2018-13798

CVE.ORG link : CVE-2018-13798


JSON object : View

Products Affected

siemens

  • sicam_a8000_cp-8000_firmware
  • sicam_a8000_cp-8000
  • sicam_a8000_cp-8050_firmware
  • sicam_a8000_cp-802x
  • sicam_a8000_cp-802x_firmware
  • sicam_a8000_cp-8050
CWE
CWE-20

Improper Input Validation