PT-2022-12296 · Unknown · CP-8000 Master Module With I/O -25/+70°C (+3 more)
Published: 2022-01-11 · Updated: 2022-07-01
CVE-2021-45034
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CP-8000 MASTER MODULE WITH I/O -25/+70°C versions prior to V16.20
CP-8000 MASTER MODULE WITH I/O -40/+70°C versions prior to V16.20
CP-8021 MASTER MODULE versions prior to V16.20
CP-8022 MASTER MODULE WITH GPRS versions prior to V16.20
Description
A vulnerability has been identified that allows access to logfiles and diagnostic data generated by a privileged user through the web server of the affected system. An unauthenticated attacker could access these files by knowing the corresponding download links.
Recommendations
For CP-8000 MASTER MODULE WITH I/O -25/+70°C versions prior to V16.20, update to version V16.20 or later.
For CP-8000 MASTER MODULE WITH I/O -40/+70°C versions prior to V16.20, update to version V16.20 or later.
For CP-8021 MASTER MODULE versions prior to V16.20, update to version V16.20 or later.
For CP-8022 MASTER MODULE WITH GPRS versions prior to V16.20, update to version V16.20 or later.
As a temporary workaround, consider restricting access to the web server until a patch is available.
Exploit
Fix
Insertion into Log File
Improper Access Control
Related Identifiers
Affected Products
CP-8000 Master Module With I/O -25/+70°C
CP-8000 Master Module With I/O -40/+70°C
CP-8021 Master Module
CP-8022 Master Module With GPRS