PT-2023-2290 · Siemens · Cp-8050 +1

Christian Hager +5 · Published 2023-04-11 · Updated 2023-07-11 · CVE-2023-28489

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CP-8031 MASTER MODULE versions prior to CPCI85 V05
CP-8050 MASTER MODULE versions prior to CPCI85 V05

Description

The issue is related to insufficient argument checking in the web server of the Siemens SICAM CP-8031 and CP-8050 processor control modules. This can be exploited by a remote attacker to execute arbitrary commands via the web server port 443/tcp if the Remote Operation parameter is enabled. By default, the Remote Operation parameter is disabled. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.

Recommendations

For CP-8031 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue.
For CP-8050 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue.
As a temporary workaround, consider disabling the Remote Operation parameter to minimize the risk of exploitation.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02054
CVE-2023-28489

Affected Products

Cp-8031
Cp-8050