Undocumented Debug Port Vulnerability in Siemens CP-8000 and CP-8021 Modules
CVE-2021-45033

8.8HIGH

Key Information:

Vendor: Siemens
Status: Cp-8000 Master Module With I/o -25/+70°c; Cp-8000 Master Module With I/o -40/+70°c; Cp-8021 Master Module; Cp-8022 Master Module With Gprs
Vendor: CVE Published:; 11 January 2022

What is CVE-2021-45033?

A security flaw within Siemens CP-8000 and CP-8021 Master Modules allows for unauthorized access to an administrative debug shell due to an undocumented debug port secured by hard-coded default credentials. This vulnerability is particularly concerning as it can be exploited if the debug port is enabled by a privileged user, allowing attackers who possess this knowledge to leverage administrative capabilities on the affected devices.

Affected Version(s)

CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions < V16.20

CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions < V16.20

CP-8021 MASTER MODULE All versions < V16.20

References

https://cert-portal.siemens.com/productcert/pdf/ssa-32499...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2022
Vulnerability Reserved
Dec 13, 2021