CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*

cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*

cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*

History

17 Oct 2023, 14:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 7.8
First Time		Siemens cp-8031 Siemens Siemens cp-8050 Firmware Siemens cp-8031 Firmware Siemens cp-8050
CPE		cpe:2.3:h:siemens:cp-8050:-:::::::* cpe:2.3:o:siemens:cp-8031_firmware:::::cpci85:::* cpe:2.3:h:siemens:cp-8031:-:::::::* cpe:2.3:o:siemens:cp-8050_firmware:::::cpci85:::*
References	~~(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf -~~	(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf - Patch, Vendor Advisory

10 Oct 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-10 11:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-36380

Mitre link : CVE-2023-36380

CVE.ORG link : CVE-2023-36380

JSON object : View

Products Affected

siemens

cp-8031_firmware
cp-8050
cp-8031
cp-8050_firmware

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2023-36380", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-10T11:15:11.817", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en: \nCP-8031 MASTER MODULE (Todas las versiones < CPCI85 V05.11 (solo con soporte de depuraci\u00f3n activado)), \nCP-8050 MASTER MODULE (Todas las versiones < CPCI85 V05.11 (solo con soporte de depuraci\u00f3n activado)). \nLos dispositivos afectados contienen una identificaci\u00f3n codificada en el archivo de configuraci\u00f3n SSH `authorized_keys`. Un atacante con conocimiento de la clave privada correspondiente podr\u00eda iniciar sesi\u00f3n en el dispositivo a trav\u00e9s de SSH. S\u00f3lo se ven afectados los dispositivos con soporte de depuraci\u00f3n activado."}], "lastModified": "2023-10-17T14:23:25.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*", "vulnerable": true, "matchCriteriaId": "5DDCBDDD-3936-462A-A93A-696AAEBB4EBA", "versionEndExcluding": "05.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "929EF3DE-C8E6-49DA-98C0-13AB4C966AA7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*", "vulnerable": true, "matchCriteriaId": "36A1AC2A-A6D1-4C2F-9439-FA093EB6B44D", "versionEndExcluding": "05.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D24F9EDC-DA14-477D-B9C1-C9BF56E9B057"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}