CVE-2023-36380 - Vulnerability Details - OpenCVE

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Siemens	Cp-8031 Cp-8031 Firmware Cp-8050 Cp-8050 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*

cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*

cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-10-10T10:21:21.786Z

Updated: 2025-02-27T20:46:08.107Z

Reserved: 2023-06-21T12:13:19.577Z

Link: CVE-2023-36380

Vulnrichment

Updated: 2024-08-02T16:45:56.608Z

NVD

Status : Modified

Published: 2023-10-10T11:15:11.817

Modified: 2024-11-21T08:09:38.097

Link: CVE-2023-36380

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36380", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2023-06-21T12:13:19.577Z", "datePublished": "2023-10-10T10:21:21.786Z", "dateUpdated": "2025-02-27T20:46:08.107Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-10-10T10:21:21.786Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."}], "affected": [{"vendor": "Siemens", "product": "CP-8031 MASTER MODULE", "versions": [{"version": "All versions < CPCI85 V05.11 (only with activated debug support)", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "CP-8050 MASTER MODULE", "versions": [{"version": "All versions < CPCI85 V05.11 (only with activated debug support)", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:45:56.608Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-26T21:50:38.711596Z", "id": "CVE-2023-36380", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:46:08.107Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36380", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2023-06-21T12:13:19.577Z", "datePublished": "2023-10-10T10:21:21.786Z", "dateUpdated": "2025-02-27T20:46:08.107Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-10-10T10:21:21.786Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."}], "affected": [{"vendor": "Siemens", "product": "CP-8031 MASTER MODULE", "versions": [{"version": "All versions < CPCI85 V05.11 (only with activated debug support)", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "CP-8050 MASTER MODULE", "versions": [{"version": "All versions < CPCI85 V05.11 (only with activated debug support)", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:45:56.608Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-26T21:50:38.711596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-26T20:35:27.652Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*", "matchCriteriaId": "5DDCBDDD-3936-462A-A93A-696AAEBB4EBA", "versionEndExcluding": "05.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*", "matchCriteriaId": "929EF3DE-C8E6-49DA-98C0-13AB4C966AA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*", "matchCriteriaId": "36A1AC2A-A6D1-4C2F-9439-FA093EB6B44D", "versionEndExcluding": "05.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*", "matchCriteriaId": "D24F9EDC-DA14-477D-B9C1-C9BF56E9B057", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en: \nCP-8031 MASTER MODULE (Todas las versiones < CPCI85 V05.11 (solo con soporte de depuraci\u00f3n activado)), \nCP-8050 MASTER MODULE (Todas las versiones < CPCI85 V05.11 (solo con soporte de depuraci\u00f3n activado)). \nLos dispositivos afectados contienen una identificaci\u00f3n codificada en el archivo de configuraci\u00f3n SSH `authorized_keys`. Un atacante con conocimiento de la clave privada correspondiente podr\u00eda iniciar sesi\u00f3n en el dispositivo a trav\u00e9s de SSH. S\u00f3lo se ven afectados los dispositivos con soporte de depuraci\u00f3n activado."}], "id": "CVE-2023-36380", "lastModified": "2024-11-21T08:09:38.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T11:15:11.817", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "productcert@siemens.com", "type": "Secondary"}]}