VYPR
Unrated severity · NVD Advisory · Published Jun 13, 2023 · Updated Nov 3, 2025

CVE-2023-33919

Description

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in Siemens CP-8031/8050 web interface allows authenticated privileged remote attacker to execute arbitrary code as root.

Vulnerability

The web interface of Siemens CP-8031 MASTER MODULE (all versions < CPCI85 V05) and CP-8050 MASTER MODULE (all versions < CPCI85 V05) is vulnerable to command injection due to missing server-side input sanitization [1]. This allows an authenticated privileged remote attacker to inject arbitrary commands.

Exploitation

An attacker with authenticated privileged access to the web interface can send specially crafted requests; because the input is not sanitized on the server side, this leads to command injection. No user interaction is required beyond the initial authentication.

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root privileges, resulting in full compromise of the device's confidentiality, integrity, and availability.

Mitigation

Siemens has released firmware version CPCI85 V05 to address this vulnerability. Users should update to CPCI85 V05 or later. No workarounds are documented in the available references [1].

References
  1. Packet Storm

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

