
CVE-2024-31485: A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0)....

7.2 CVSS

Description

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Classification

CVE ID: CVE-2024-31485

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: Siemens

Product: CPCI85 Central Processing/Communication

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.98% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://cert-portal.siemens.com/productcert/html/ssa-871704.html
http://seclists.org/fulldisclosure/2024/Jul/4

Timeline