Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Siemens CP-8031 路径遍历漏洞
Vulnerability Description
Siemens CP-8031是德国西门子(Siemens)公司的一个工业设备模块。 Siemens CP-8031 MASTER MODULE, CP-8050 MASTER MODULE 存在路径遍历漏洞,该漏洞源于受影响设备的 Web 服务器无法正确清理 /sicweb-ajax/tmproot/ 端点的用户输入。
CVSS Information
N/A
Vulnerability Type
N/A