Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-45034

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

CVE
Open in Source
#vulnerability#web#js#pdf#auth

%PDF-1.5 %���� 1 0 obj << /D [2 0 R /XYZ 70.866 771.024 null] >> endobj 3 0 obj << /D [2 0 R /XYZ 70.866 646.963 null] >> endobj 4 0 obj << /D [2 0 R /XYZ 70.866 586.883 null] >> endobj 5 0 obj << /D [2 0 R /XYZ 70.866 306.406 null] >> endobj 6 0 obj << /D [2 0 R /XYZ 70.866 235.248 null] >> endobj 7 0 obj << /D [8 0 R /XYZ 85.039 369.242 null] >> endobj 9 0 obj << /D [10 0 R /XYZ 70.866 713.397 null] >> endobj 11 0 obj << /S /GoTo /D [2 0 R /Fit] >> endobj 2 0 obj << /Contents 12 0 R /Type /Page /Resources 13 0 R /Parent 14 0 R /Annots [15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R 23 0 R 24 0 R 25 0 R 26 0 R 27 0 R 28 0 R] /MediaBox [0 0 595.276 841.89] >> endobj 15 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 487.411 518.276 498.828] >> endobj 17 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 437.999 518.276 449.417] >> endobj 19 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 388.588 518.276 400.005] >> endobj 21 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 339.177 518.276 350.594] >> endobj 23 0 obj << /A << /S /GoTo /D (section*.4) >> /Subtype /Link /C [1 0 0] /Type /Annot /H /I /Border [0 0 0] /Rect [488.431 264.139 525.406 275.676] >> endobj 25 0 obj << /A << /S /GoTo /D (section*.2) >> /Subtype /Link /C [1 0 0] /Type /Annot /H /I /Border [0 0 0] /Rect [314.878 234.251 453.357 245.788] >> endobj 26 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [164.798 143.295 487.754 154.832] >> endobj 27 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [406.699 113.527 525.406 124.944] >> endobj 13 0 obj << /ProcSet [/PDF /Text] /Font << /F51 29 0 R /F48 30 0 R >> >> endobj 12 0 obj << /Filter /FlateDecode /Length 2712 >> stream x��ZKs�8��W�T�������8Y�ƉW�35�́�h�54��(���o�A��h�<�S{�I@@���_wM�#}8{;9��:2�H*��m�0�RF�$��&��k<����X��T�x�N7�^��8+��]��C�^@’�q��ޣ�{k��j1�L��QFOz�O~9������C8"� ����g_�� ~�%ˆm���� �g�G���� T�lѴ�)!��M͑Q�&��#HD2\����ADꠠ��(7F����=fq�@C��M �?DE�!r�"1"B����e���}�)�H�>GL��)��ks ��������������&/�U�=˳2K���0��1�I�H+q P�V�$��]і$+:� ���8#���(qr�q � ف����w ��XW�9e�� !��1�x���c�X�� ;���A�ӨOAI�������l��٢�n�]R�o�!jNc�)�c�’�.�� !��ɺ�sn�3?K(B��%����j�a◞�q�Z��0�M�/��y_�c?�<�{���੧��e@I�؝���Br�JtD|��� ��_��H��s����j8� �f��?�D�QB2xR؈���T˰��u�����i���*�/��2���̶�cĂ_�m��x�xp��v<:�~vT6� ԾaLWn+a΢���&��u�|a’nCӏ\�X���!��y��f ��되hxj/qiY44N��{��8O};�Y���m��K�M\�_�YyW���:J ���*��ueI^�jd��题�����3Pr[f���� �M�l�;K�;1wd��]��d ;�’/<��b��L���%l*��b��C�R$~{��/����S^m�C����Bk�獪N^$�����U�������8��1�=Fb�i�(���%�u�i�7�Y�D(L�н��Ê�@Ή\��W}5��._�zTg�(d’� O���(��#P,l�C�?}���|r�#�au�������Q�K�� �x�Ęh3=������|2��0��i�b�$(G���1�X[��:4O)d}’�M)s�c5 ��m�q�Z|�?��\~��a�� R�m�@��l�l (#� $�B�C$`��:���Q�OE�y��3jV B�X��SjO�"�J��Ƒ�Rq��G�$ �Nu��i�Z�sD���!�S�SX�]ɾI�$ӯ�j4"0�D�0���x[##p���m{ 0R����7;8�,N3�i��r��0�$\�@4��dl S�������s/�e|5O��"����¿�z9��q9����D�S�S#�\z�T ���7*�y��W�)�,� ��z�?�c>(�9{l��E}pZp�l���<�q3����.`h��Љ��Pum���-�7U"�ȇS�ݥ6�Q�=a�S��b����jUn0��ʿ+����`��,�4e�l�.�"2g�c���{��t=�ni1h�.� �XAi8$�y�R닶���B�J���|%�ʒ�����SiXd�� ���i�\�00$�c���9>L� n�py��k�T�������+��t�� �|���!W�_�<�’�T2���/Kгd�KJz}b�.��!��I���� �D$3�P̂��O��*�M�R�3�0j򊀳W��ʿ��+y-�=�lu" �7b�-��� 8GS����`X�MS�;�0h�>\�ƻp��^��i6�I�=�j�{M����caǩ��WD�’���:އ��ͅ��$؝D�_B�Ad�l�*�aH �W�TCV�Bq�Ww�6���_��|z�u�&1��&��T� s�G\�1��� ��jDC��t �V�� �݇�oIAN�b��rr�a�38�Wk㎢�����7�� t��[�p��q\,Jߓ�:��S�� ’E�H_H��l��˕$���2���SO��Yl D�$=����%:<���������kw�G�;�f}����’��W7�C� �d�U��B������aT]�Κ�f���A�.�Wm-]@�)��_$���=��[[� �ͪ����b:-8ٯ�c�[G�u XW"�7��E�i�kK�YP�� B�9��/^Z�P�p��b4��UP4c~��O�V��Q� ��A�–nڼ�/�oF��ߺ�E�q �Z u���l�� �m�G矯�.��q�$�b�`�I�T8� ��Q�8i��c0�=�l�=@|�J-�������(W�b����ʙm���>��E�Z�1p2EZn{ƻ�8 %��Y�’N��$V85*�0HO8�z�B5U�8YŠUY7�JD��%E���a8�tf���’K����2h�`��NA~�~����╼�,����!���ʟ|o���b3��Ȱ�ʤ��SmK���b󍯫W�j����e��Y1����?|�Q�:x�x��h�gEpEk$(�2d��GW}_ n��u�S7�e��|)�E2{�/e���t����i$�"$�iHV;�{}n�v֖�w�[\��b{а;i*�m�u�3�ݐa+} i��fY���X�l��{�q����׾spN�!�62�)��vZ§4��깻îsgmW�!���vL�x�F��و������K��ݩw8�HN;���v�;�R;�D�=���’���ڶ� #pĨ��7*H���� '���6($�`a���?���]Nę endstream endobj 31 0 obj << /D [2 0 R /XYZ 69.866 808.885 null] >> endobj 30 0 obj << /Subtype /Type1 /FirstChar 2 /Type /Font /BaseFont /FVVNGP+NimbusSanL-Regu /FontDescriptor 32 0 R /Encoding 33 0 R /LastChar 176 /Widths 34 0 R >> endobj 29 0 obj << /Subtype /Type1 /FirstChar 45 /Type /Font /BaseFont /RVQRVH+NimbusSanL-Bold /FontDescriptor 35 0 R /Encoding 33 0 R /LastChar 117 /Widths 36 0 R >> endobj 37 0 obj << /D [2 0 R /XYZ 70.866 536.235 null] >> endobj 16 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 473.966 377.209 486.873] >> endobj 18 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 424.555 377.209 437.461] >> endobj 20 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 375.143 377.209 388.05] >> endobj 22 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109805670) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [303.117 325.732 377.209 338.638] >> endobj 24 0 obj << /A << /S /GoTo /D (section*.4) >> /Subtype /Link /C [1 0 0] /Type /Annot /H /I /Border [0 0 0] /Rect [69.87 252.304 193.814 263.721] >> endobj 28 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [69.87 101.572 146.342 112.759] >> endobj 14 0 obj << /Kids [2 0 R 8 0 R 10 0 R] /Type /Pages /Count 3 >> endobj 38 0 obj << /A << /S /URI /Type /Action /URI (https://www.first.org/cvss/) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [131.954 655.734 248.203 667.27] >> endobj 39 0 obj << /A << /S /URI /Type /Action /URI (https://cwe.mitre.org/) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [69.87 566.07 163.926 577.607] >> endobj 40 0 obj << /A << /S /URI /Type /Action /URI (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [224.029 467.158 507.302 481.105] >> endobj 41 0 obj << /A << /S /URI /Type /Action /URI (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [224.029 344.335 507.302 358.283] >> endobj 42 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/advisories) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [69.87 158.433 251.586 169.85] >> endobj 43 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/terms_of_use) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [408.782 611.475 525.406 622.892] >> endobj 44 0 obj << /ProcSet [/PDF /Text] /Font << /F51 29 0 R /F48 30 0 R >> >> endobj 8 0 obj << /Contents 45 0 R /Type /Page /Resources 44 0 R /Parent 14 0 R /Annots [38 0 R 39 0 R 40 0 R 41 0 R 42 0 R] /MediaBox [0 0 595.276 841.89] >> endobj 45 0 obj << /Filter /FlateDecode /Length 2396 >> stream xڵYKs�8��W�dU �ɇn��d4�8^K���d4 K�P����ʿ��(��h�v������ �zK�z���/�Fe�%$ y�-����8 �(I�b��Ƚ��y�׺j�k��\g�&�f�/�H��/E[QPߑ��l�o�|�uӛ�V/�?�^�,���b ��^E"��l}����a�W���ޫ]���DI�қ_��:�x�"��-NJ)َ���b�$Qq24�J c4���Q�ˇ�� 5�D����@���!���B��A����[�Vq$��p3�>���/wF��0`����MDDX�X���JJ>�N>���’1��`��_<���U�A����Y�ž����_UZ"�Ǫ�ZX�pY�]�iǧhq]�_�Ie� -�&�^�̝���i��8�lfk��ӥ��k��Unl�� W$Ij�n�z�vE]a ��MYd��B��g�� ����?u���ˋv ,~���’’���"�*�V�1a�� N������w7�������’�Wń’�%ǟ ���y��ɣ7C��X�0���糏�AXr6��a ��qȂ&�˶���>��6C�ʴm�o�����PWƭ�IkG����}��Z�H X�;f۶���� �oO����|� ڬv!o�ʏ��k\W��^� {Z&a����@W����&�0�/�m�lfΆno���ç+ع�M;�^__����i;R7�Q�Ҷ#��b��t���h�$kSWP�ԥ�Q_SH����{W�Ϟi�m!/u�@��z3��De��� G���!" ��Z��5�b�I���8C��8@�2��E�İ����!s���Z��[&��ޖ9���F;�r ��)� �"T��\Q��K�oA.�2�6�L<fg�xgDG�|eY��kW���I� Cբ�4d�a�QEX_1&c�y^�L��b~"��*�af�f�  3,� 3+\V�!*k��� ��;�O�l�^/n����v%$溬7=0@w&�T9� � 2�j&��s�0iJ���O��Ո���n[(u9"�96 �.�0�[ܗ����\�*�6]�3mp�w0�蕶�,*���N��F�����r(�1`S}lgŽ+�{B/ 6���U�x���+Հ����\��.-J��X�ؑ�?|:�S��vf�;�I�’�Ҷ�’�����(�T�;�����I�������x��G$b�S�&o6��$"9,���;�hʰ�$ �+�A!n��A,W��Z�# � ����T� 4��A�zC&$a1;�d���Sή��B’e,�������=�H Q�u�5�kGRad�p���>��z8f�J��:���>��tK�F��O��d:ką?{����� “��ߓu�ZA�����dz������SL�H���qx�Y�D�F�&P��Z� �iץ�9����Ԁ[R��� ��k�8P X���,C$0���:{HN ���Lǹ����v��e�c����Z��M��+�)B�κ�� .6,f��A�Lwq��Hl� �0t�U׆@ �! ���Aj���� �” p�����8�&�ʓ%����M��?���|x��oG���q��x:����o7��������a:��Lo��M9!Q��y�Җ��(�ǦQ��co����� ���� ΁�4�V�/@Lr I�_��b� �.`q)�hrbr׸�� �B9����ඍU�ip?�ɮ���A>���S�ٲ�-��������zi {�w��E���+\s�����/u�ݩ��S:XB7��H Y�<k�Fk���J),� ���|eb3��Z�:�~���,u�e8e ;|�]�Uլ���b�{��rw�ݖX6�n75��0w�D���93G6UY�.���ޞA���"�"���XB�,���z�z�O��r�nl�8�X<��f�M����Lv� P�w�=�����Hn�����a�g�04�$�.b�ϻ/�����|����n1?�2��T����*5!qxK�ƸOX��y���Ž����.��p���z|䂐H�k�+J� ਃ�V����l�jw� f�z/<7��Ļ�����@�F�Z��J;�_�ߨx֥ ?��-��1��_�Q�}Ȝg&>������T��$�.8��;�� �2r�(��’~� ��X*0�������d�,��h�E�_����[�Ǯ��՟�b�Vkh�TƏﻆtʩ�~�GPe��`0��ư��->��w��)�EE3o�x����’O ��O���J����dh�{�XR����x���2��}��?�8� ��<��tPХ���F���#!v"���|>��%1H$8��7�؉d������so����a)TU�4�9 endstream endobj 46 0 obj << /D [8 0 R /XYZ 69.866 808.885 null] >> endobj 47 0 obj << /D [8 0 R /XYZ 85.039 492.064 null] >> endobj 48 0 obj << /ProcSet [/PDF /Text] /Font << /F51 29 0 R /F48 30 0 R >> >> endobj 10 0 obj << /Contents 49 0 R /Type /Page /Resources 48 0 R /Parent 14 0 R /Annots [43 0 R 50 0 R] /MediaBox [0 0 595.276 841.89] >> endobj 49 0 obj << /Filter /FlateDecode /Length 1049 >> stream xڥV�n�8}�Wy)� /"E�-ۦ�-���.MQ(�l��%�%���wx�l9n��>�"�3��I�y@�������Hk�d0�1�J� � �,��&E�̫&�X�I�v�pL*�7u��M �� ?u�~<�~���.m__ބ`= �Mߏ.��G���s����o$�`�}@0�*�X�e �E�a\����� ��i�H��/���+�AJ�J�’�3�b����4��t ��yL�R��`� .l`����LaA�S$�3�Ր�C�"Ԧڌ�Ɓ*Ƃ�}� 2n��E1q5�%�06&tL)��W )(���"Mڢ�����͏���Rc�䓙RX�Sj%c`+"wzy�qr�BDa��IqW!�0a�D�L���j����#�M-���� f:>��P�$np&x<��eryDL����] �#���v#��k7f2�v�:w��������ik�]��6�}L��v[��AZWYa4���mRT�]�QQy8� ��UY�p�E57\ ;*؁b�X9vp���#�dX�5^��d�2�ǝ#�"����un��~� �4�/�)�ޭ]���tl�v�f�r-�9��yQ%3� l�>x���{�rB@��yq�mB�A=�3� 0\ Q�L|E}9`��K�g ,�?yL��ME5 9u)�h� E/�jS��M�pBP��Y�v&O�a�I��>�IQ����kK��]��n�����"� 鋜���g.N}pqRB,X�z�6m T�Q=s�4����S����KJ��It~���bjm��#��{67W#��h�U� �{~��lB�n<���zyދ��0,��N�����Ω��������@u:�T�s�32ĭ��nw8#�JL*!{Eڕ��i�5GjL��w��6�z.�a���5��,��Q���0BÅ&�z�\s�m���TD蝿�ĕR����sK/Ҷ��-X�>캈:&�èlk�;��@ƭ�r9�s~�߾��<�������<�~�����i���1g�� �g��e�yi� �D�qtm�8����CF���/ӕ� endstream endobj 51 0 obj << /D [10 0 R /XYZ 69.866 808.885 null] >> endobj 50 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/terms_of_use) >> /C [0 1 1] /Subtype /Link /Type /Annot /H /I /Border [0 0 0] /Rect [69.87 599.52 133.249 610.937] >> endobj 33 0 obj << /Type /Encoding /Differences [2 /fi /fl 34 /quotedbl 39 /quoteright /parenleft /parenright 43 /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon 60 /less 65 /A /B /C /D /E /F /G /H /I 75 /K /L /M /N /O /P 82 /R /S /T /U /V /W 89 /Y 95 /underscore 97 /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y 149 /bullet 169 /copyright 176 /degree] >> endobj 36 0 obj [333 278 278 556 556 556 556 556 556 556 556 556 556 333 333 584 584 584 611 975 722 722 722 722 667 611 778 722 278 556 722 611 833 722 778 667 778 722 667 611 722 667 944 667 667 611 333 278 333 584 556 278 556 611 556 611 556 333 611 611 278 278 556 278 889 611 611 611 611 389 556 333 611] endobj 34 0 obj [500 500 167 333 556 222 333 333 0 333 584 0 611 500 333 278 0 0 0 0 0 0 0 0 0 0 0 0 333 191 278 278 355 556 556 889 667 222 333 333 389 584 278 333 278 278 556 556 556 556 556 556 556 556 556 556 278 278 584 584 584 556 1015 667 667 722 722 667 611 778 722 278 500 667 556 833 722 778 667 778 722 667 611 722 667 944 667 667 611 278 278 278 469 556 222 556 556 500 556 556 278 556 556 222 222 500 222 833 556 556 556 556 333 500 278 556 500 722 500 500 500 334 260 334 584 0 0 0 222 556 333 1000 556 556 333 1000 667 333 1000 0 0 0 0 0 0 333 333 350 556 1000 333 1000 500 333 944 0 0 667 0 333 556 556 556 556 260 556 333 737 370 556 584 333 737 333 400] endobj 52 0 obj << /Length1 1608 /Length2 9545 /Filter /FlateDecode /Length 10371 /Length3 0 >> stream xڭteT�ђ-��N��݂�{h��n��;��� ��!@���C�H���Y�ͯ���[�;Uuv��]��i4uإ�����P�;;7�@�d������@�/F~4zzYW� ���A"�5@d��p ��d��>�`[;w���3++�?-B�>��y����^~

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE