Vulnerability Details CVE-2022-27480
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2022/Apr/20
- https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf
- http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2022/Apr/20
- https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf
Products affected by CVE-2022-27480
-
cpe:2.3:h:siemens:sicam_a8000_cp-8031:-
-
cpe:2.3:h:siemens:sicam_a8000_cp-8050:-
-
cpe:2.3:o:siemens:sicam_a8000_cp-8031_firmware:-
-
cpe:2.3:o:siemens:sicam_a8000_cp-8031_firmware:04.50
-
cpe:2.3:o:siemens:sicam_a8000_cp-8031_firmware:04.60
-
cpe:2.3:o:siemens:sicam_a8000_cp-8050_firmware:04.50
-
cpe:2.3:o:siemens:sicam_a8000_cp-8050_firmware:04.60
-
cpe:2.3:o:siemens:sicam_a8000_cp-8050_firmware:1.00
-
cpe:2.3:o:siemens:sicam_a8000_cp-8050_firmware:1.20
-
cpe:2.3:o:siemens:sicam_a8000_cp-8050_firmware:2.00