CVE-2020-28396

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.

Weakness

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Software

Name	Vendor	Start Version	End Version
Sicam_a8000_cp-8000_firmware	Siemens	*	16 (excluding)

https://cwe.mitre.org/data/definitions/1.html
https://cwe.mitre.org/data/definitions/107.html
https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/17.html
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/237.html
https://cwe.mitre.org/data/definitions/36.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/480.html
https://cwe.mitre.org/data/definitions/51.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/65.html
https://cwe.mitre.org/data/definitions/668.html
https://cwe.mitre.org/data/definitions/74.html
https://cwe.mitre.org/data/definitions/87.html

References

https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf
https://www.zerodayinitiative.com/advisories/ZDI-21-062/
https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf
https://www.zerodayinitiative.com/advisories/ZDI-21-062/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-28396
CWE	https://cwe.mitre.org/data/definitions/693.html

Protection Mechanism Failure

Weakness

Affected Software

Related Attack Patterns

References