Hard-Coded Password Vulnerability in Siemens CP-8031 and CP-8050 Master Modules
CVE-2023-33920

6.8MEDIUM

Key Information:

Vendor: Siemens
Status: Cp-8031 Master Module; Cp-8050 Master Module
Vendor: CVE Published:; 13 June 2023

What is CVE-2023-33920?

A security flaw has been identified in the CP-8031 and CP-8050 Master Modules from Siemens, where the root password is hard-coded within the device firmware. This flaw exposes the modules to potential exploitation, particularly through UART console access for attackers with direct physical access. Any unauthorized individual gaining access to the hardware could exploit this weakness, leading to unauthorized control over the affected systems. It's crucial for users of these devices to ensure they are running the latest firmware versions to mitigate this risk.

Affected Version(s)

CP-8031 MASTER MODULE All versions < CPCI85 V05

CP-8050 MASTER MODULE All versions < CPCI85 V05

References

https://cert-portal.siemens.com/productcert/pdf/ssa-73191...

http://seclists.org/fulldisclosure/2023/Jul/14

http://packetstormsecurity.com/files/173370/Siemens-A8000...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 23, 2023