CVE-2021-46304

Name of the Vulnerable Software and Affected Versions CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions) CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions) CP-8021 MASTER MODULE (All versions) CP-8022 MASTER MODULE WITH GPRS (All versions)

Description A vulnerability has been identified in the web server module of the affected components, which allows unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component, such as internal network topology or connected systems. The issue is related to inadequate access control, which could enable a remote attacker to determine the devices used in the network.

Recommendations For CP-8000 MASTER MODULE WITH I/O -25/+70°C, consider disabling the web server module until a patch is available. For CP-8000 MASTER MODULE WITH I/O -40/+70°C, consider disabling the web server module until a patch is available. For CP-8021 MASTER MODULE, consider disabling the web server module until a patch is available. For CP-8022 MASTER MODULE WITH GPRS, consider disabling the web server module until a patch is available. As a temporary workaround, restrict access to the web server module to minimize the risk of exploitation.