CVE-2024-31485 - OpenCVE

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Siemens	Cpci85 Firmware Sicore Base System

No data.

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/4
https://cert-portal.siemens.com/productcert/html/ssa-871704.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-05-14T10:02:25.052Z

Updated: 2024-08-02T01:52:57.134Z

Reserved: 2024-04-04T11:43:06.066Z

Link: CVE-2024-31485

Vulnrichment

Updated: 2024-06-12T15:24:24.537Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T16:16:51.033

Modified: 2024-07-04T07:15:10.720

Link: CVE-2024-31485

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-31485", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-04-04T11:43:06.066Z", "datePublished": "2024-05-14T10:02:25.052Z", "dateUpdated": "2024-08-02T01:52:57.134Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-05-14T10:02:25.052Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."}], "affected": [{"vendor": "Siemens", "product": "CPCI85 Central Processing/Communication", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.30", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SICORE Base system", "versions": [{"status": "affected", "version": "0", "lessThan": "V1.3.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseScore": 8.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/4"}]}, "adp": [{"affected": [{"vendor": "siemens", "product": "sicore_base_system", "cpes": ["cpe:2.3:o:siemens:sicore_base_system:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "V1.3.0", "versionType": "custom"}]}, {"vendor": "siemens", "product": "cpci85_firmware", "cpes": ["cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "V5.30", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T18:48:59.342484Z", "id": "CVE-2024-31485", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T16:56:47.966Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:57.134Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/4", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31485", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-09T18:48:59.342484Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:siemens:sicore_base_system:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "sicore_base_system", "versions": [{"status": "affected", "version": "0", "lessThan": "V1.3.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:siemens:cpci85_firmware:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "cpci85_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.30", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:24:24.537Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "CPCI85 Central Processing/Communication", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.30", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SICORE Base system", "versions": [{"status": "affected", "version": "0", "lessThan": "V1.3.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/4"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-05-14T10:02:25.052Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31485", "state": "PUBLISHED", "dateUpdated": "2024-07-24T16:56:47.966Z", "dateReserved": "2024-04-04T11:43:06.066Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-05-14T10:02:25.052Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en CPCI85 Central Processing/Communication (todas las versiones < V5.30), sistema base SICORE (todas las versiones < V1.3.0). La interfaz web de los dispositivos afectados es vulnerable a la inyecci\u00f3n de comandos debido a la falta de sanitizaci\u00f3n de entrada del lado del servidor. Esto podr\u00eda permitir que un atacante remoto con privilegios autenticados ejecute c\u00f3digo arbitrario con privilegios de root."}], "id": "CVE-2024-31485", "lastModified": "2024-07-04T07:15:10.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2024-05-14T16:16:51.033", "references": [{"source": "productcert@siemens.com", "url": "http://seclists.org/fulldisclosure/2024/Jul/4"}, {"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "productcert@siemens.com", "type": "Primary"}]}