PT-2022-12295 · Unknown · Cp-8000 Master Module With I/O -25/+70°C (+3 more)

Published: 2022-01-11 · Updated: 2022-01-19 · CVE-2021-45033

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CP-8000 MASTER MODULE WITH I/O -25/+70°C versions prior to V16.20
CP-8000 MASTER MODULE WITH I/O -40/+70°C versions prior to V16.20
CP-8021 MASTER MODULE versions prior to V16.20
CP-8022 MASTER MODULE WITH GPRS versions prior to V16.20

Description

A vulnerability has been identified in the affected devices, where an undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.

Recommendations

For CP-8000 MASTER MODULE WITH I/O -25/+70°C versions prior to V16.20, update to version V16.20 or later.
For CP-8000 MASTER MODULE WITH I/O -40/+70°C versions prior to V16.20, update to version V16.20 or later.
For CP-8021 MASTER MODULE versions prior to V16.20, update to version V16.20 or later.
For CP-8022 MASTER MODULE WITH GPRS versions prior to V16.20, update to version V16.20 or later.
As a temporary workaround, consider disabling the undocumented debug port until a patch is available.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2021-45033

Affected Products

Cp-8000 Master Module With I/O -25/+70°C
Cp-8000 Master Module With I/O -40/+70°C
Cp-8021 Master Module
Cp-8022 Master Module With Gprs