CVE-2023-33919

CVSS 7.2 HIGH | EPSS 47.7% | CWE-77

In short

A web interface flaw in CP-8031 and CP-8050 devices allows an authenticated administrator to run malicious commands with full system access by sending specially crafted input. This gives attackers complete control over the affected device.

Technical detail

The web interface fails to sanitize user input on the server side, enabling command injection attacks. An authenticated attacker with administrative privileges can inject arbitrary OS commands that execute with root-level access, leading to complete system compromise.

Summary generated and translated by AI from the official description.
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
