File Access Vulnerability in Siemens A8000 CP Master Modules
CVE-2021-45034
7.5 HIGH
Key Information:
- Vendor: Siemens
- Status: Vendor
- CVE Published: 11 January 2022
Summary
A vulnerability exists in the web server of Siemens A8000 CP Master Modules that permits an unauthenticated attacker to access sensitive log files and diagnostic data generated by privileged users. The issue arises from missing authentication mechanisms that allow unauthorized users to download files if they possess the corresponding links. This vulnerability affects multiple versions of the CP-8000 MASTER MODULE and CP-8021/8022 devices, exposing critical operational information.
Affected Version(s)
CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions < V16.20
CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions < V16.20
CP-8021 MASTER MODULE All versions < V16.20
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved