CVE-2023-0321

Name of the Vulnerable Software and Affected Versions Campbell Scientific dataloggers versions CR6, CR300, CR800, CR1000, CR3000

Description The issue allows an attacker to download configuration files, potentially containing sensitive internal network information. By default, the devices have HTTP and PakBus enabled, making them vulnerable via the PakBus port. An attacker could exploit this to download, modify, and upload new configuration files.

Recommendations For Campbell Scientific dataloggers versions CR6, CR300, CR800, CR1000, CR3000, consider disabling the PakBus port or restricting access to it until a patch is available. As a temporary workaround, restrict access to the default HTTP configuration to minimize the risk of exploitation. Avoid using the default configuration settings for the PakBus port until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.