CVE-2021-45034
N/A
N/A
Summary
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | CP-8000 MASTER MODULE WITH I/O -25/+70°C | All versions < V16.20 | affected |
| Siemens | CP-8000 MASTER MODULE WITH I/O -40/+70°C | All versions < V16.20 | affected |
| Siemens | CP-8021 MASTER MODULE | All versions < V16.20 | affected |
| Siemens | CP-8022 MASTER MODULE WITH GPRS | All versions < V16.20 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf
- http://seclists.org/fulldisclosure/2022/Apr/20
- http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf
- http://seclists.org/fulldisclosure/2022/Apr/20
- http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.