Exposed UART Console Vulnerability in Siemens CP-8031 and CP-8050 Master Modules
CVE-2023-33921

6.8MEDIUM

Key Information:

Vendor: Siemens
Status: Cp-8031 Master Module; Cp-8050 Master Module
Vendor: CVE Published:; 13 June 2023

Summary

A security vulnerability has been discovered in the Siemens CP-8031 and CP-8050 Master Modules due to an exposed UART console login interface. This flaw allows an attacker with physical access to the devices the opportunity to attempt brute-force attacks or password cracking to gain unauthorized access. Users are advised to implement physical security measures to protect against potential exploitation of this vulnerability.

Affected Version(s)

CP-8031 MASTER MODULE All versions < CPCI85 V05

CP-8050 MASTER MODULE All versions < CPCI85 V05

References

https://cert-portal.siemens.com/productcert/pdf/ssa-73191...

http://seclists.org/fulldisclosure/2023/Jul/14

http://packetstormsecurity.com/files/173370/Siemens-A8000...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 23, 2023