CVE-2023-36380

Name of the Vulnerable Software and Affected Versions CP-8031 MASTER MODULE versions prior to CPCI85 V05.11 CP-8050 MASTER MODULE versions prior to CPCI85 V05.11

Description A vulnerability has been identified in the CP-8031 and CP-8050 MASTER MODULES, where the affected devices contain a hard-coded ID in the SSH authorized keys configuration file. This could allow an attacker with knowledge of the corresponding private key to login to the device via SSH. Only devices with activated debug support are affected.

Recommendations For CP-8031 MASTER MODULE versions prior to CPCI85 V05.11, consider disabling the SSH access or restricting the use of the authorized keys file until a patch is available. For CP-8050 MASTER MODULE versions prior to CPCI85 V05.11, consider disabling the SSH access or restricting the use of the authorized keys file until a patch is available. As a temporary workaround, consider deactivating the debug support to minimize the risk of exploitation.