PT-2023-3391 · Unknown · Cp-8031 Master Module+1

Christian Hager

Published

2023-06-13

Updated

2024-07-04

CVE-2023-33919

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05

Description A vulnerability has been identified in the web interface of affected devices due to missing server-side input sanitation, making it vulnerable to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Recommendations For CP-8031 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. For CP-8050 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface of affected devices to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2023-03559

CVE-2023-33919

Affected Products

Cp-8031 Master Module

Cp-8050 Master Module

PT-2023-3391 · Unknown · Cp-8031 Master Module+1

CVE-2023-33919

Weakness Enumeration

Related Identifiers

Affected Products

References · 11