PT-2024-5125 · Sicam Egs+1 · Sicam Egs+4

Jan Kaestle · Published 2024-07-22 · Updated 2024-11-27 · CVE-2024-37998

CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
CPCI85 Central Processing/Communication: versions prior to V5.40
SICORE Base system: versions prior to V1.4.0
SICAM CP-8031, SICAM CP-8050, SICAM EGS: affected versions not specified
Description: The password-reset function of the affected devices does not perform the authentication check it needs. If auto-login is enabled, the password of an administrative account can be reset without knowing the current password. A remote, unauthenticated attacker (the CVSS vector is network-reachable, no privileges, no user interaction) could use this to obtain administrative access to the affected applications and thereby full control over the device.
Recommendations:
CPCI85 Central Processing/Communication versions prior to V5.40: update to V5.40 or later.
SICORE Base system versions prior to V1.4.0: update to V1.4.0 or later.
SICAM CP-8031, CP-8050, SICAM EGS: at the time of writing there is no information about a newer version that contains a fix for this vulnerability.
The description ties the unauthenticated reset to the auto-login setting, so record that setting alongside the firmware version when deciding which devices to update first.
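The following is an added triage helper, not code from Siemens, from the advisory or from its author. It applies only what the advisory states: the fixed versions V5.40 (CPCI85) and V1.4.0 (SICORE), the absence of a fix for SICAM CP-8031/CP-8050/EGS, and the dependency of the unauthenticated password reset on auto-login being enabled. The product keys, the device inventory and its auto_login field are assumptions made for the example, not a real device export format.

```python
"""Inventory triage for CVE-2024-37998 (added example; not vendor or advisory code).

Fixed-version thresholds come from the advisory. Product keys, version strings
and the auto_login field of the inventory are assumed for this example.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Lowest unaffected version per product, per the advisory.
# None: the advisory names no fixed version for that product.
FIXED_VERSIONS: dict[str, Optional[tuple[int, ...]]] = {
    "CPCI85": (5, 40),
    "SICORE": (1, 4, 0),
    "SICAM CP-8031": None,
    "SICAM CP-8050": None,
    "SICAM EGS": None,
}

_VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> tuple[int, ...]:
    """Parse 'V5.40' or '1.4.0' into an int tuple for component-wise comparison.

    Comparing components as integers is deliberate: as floats 5.4 == 5.40 and
    5.100 < 5.40, and as strings '5.4' < '5.40'; any of those would misclassify
    devices against a threshold like V5.40.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if version is below the fixed one, False if at or above it,
    None if the advisory names no fixed version for this product."""
    fixed = FIXED_VERSIONS[product]
    if fixed is None:
        return None
    return parse_version(version) < fixed


@dataclass(frozen=True)
class Device:
    name: str         # assumed inventory label
    product: str      # key into FIXED_VERSIONS
    version: str      # firmware version as reported by the device
    auto_login: bool  # assumed field: is the auto-login feature enabled?


def triage(device: Device) -> str:
    """Classify one device for this CVE.

    'patched'                 : runs a fixed version
    'affected/exposed'        : vulnerable version and auto-login on; per the
                                description the admin password can then be reset
                                without the current one, so update these first
    'affected/auto-login-off' : vulnerable version; the described reset path
                                depends on auto-login, but still update
    'no-fix-available/...'    : no fixed version in the advisory; same split on
                                auto-login, only mitigation is possible for now
    """
    affected = is_affected(device.product, device.version)
    if affected is False:
        return "patched"
    base = "affected" if affected else "no-fix-available"
    return base + ("/exposed" if device.auto_login else "/auto-login-off")


def triage_inventory(devices: list[Device]) -> dict[str, str]:
    """Map each device name to its triage status."""
    return {d.name: triage(d) for d in devices}


# Constructed sample inventory for the example (not real device data).
SAMPLE_INVENTORY = [
    Device("rtu-substation-a", "CPCI85", "V5.30", auto_login=True),
    Device("rtu-substation-b", "CPCI85", "V5.40", auto_login=True),
    Device("sicore-gw-1", "SICORE", "V1.3.2", auto_login=False),
    Device("egs-feeder-7", "SICAM EGS", "V2.10", auto_login=True),
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:20s} {status}")
```

Feed it the real product/version/auto-login export of your estate instead of SAMPLE_INVENTORY; devices whose status ends in "/exposed" are the ones where the unauthenticated reset described above is reachable today and should be updated (or, where no fix exists, isolated) before the rest.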

Related Identifiers

BDU:2024-05672
CVE-2024-37998

Affected Products

CPCI85 Central Processing/Communication
SICAM CP-8031
SICAM CP-8050
SICAM EGS
SICORE Base System