Unauthenticated Access in Siemens CP-8000 and CP-8021 Series Products
CVE-2021-46304

7.5HIGH

Key Information:

Vendor: Siemens
Status: Cp-8000 Master Module With I/o -25/+70°c; Cp-8000 Master Module With I/o -40/+70°c; Cp-8021 Master Module; Cp-8022 Master Module With Gprs
Vendor: CVE Published:; 10 August 2022

Summary

A vulnerability exists in multiple models of Siemens CP-8000 and CP-8021 Master Modules that permits the activation of a web server module, providing an avenue for unauthenticated access. This could enable attackers to retrieve sensitive debug-level information, which may include details about the internal network topology and lists of connected systems. The risk is significant as it exposes critical information that could be leveraged for further attacks or unauthorized access.

Affected Version(s)

CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions

CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions

CP-8021 MASTER MODULE All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-18563...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jan 14, 2022