PT-2023-4274 · Unknown · Cp-8031 Master Module+1
Christian Hager
+5
·
Published
2023-06-13
·
Updated
2023-07-11
·
CVE-2023-33920
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
CP-8031 MASTER MODULE versions prior to CPCI85 V05
CP-8050 MASTER MODULE versions prior to CPCI85 V05
Description
A vulnerability has been identified that involves the use of hard-coded credentials in the firmware of the affected devices. This could allow an attacker with direct physical access to exploit the vulnerability for UART console login to the device, potentially leading to privilege escalation.
Recommendations
For CP-8031 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue.
For CP-8050 MASTER MODULE versions prior to CPCI85 V05, update to version CPCI85 V05 or later to resolve the issue.
As a temporary workaround, consider restricting physical access to the devices until a patch is applied.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cp-8031 Master Module
Cp-8050 Master Module