PT-2024-1085 · Unknown · Cp-8050 Master Module+1

Published: 2024-01-09 · Updated: 2024-01-16 · CVE-2023-42797

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CP-8031 MASTER MODULE versions prior to CPCI85 V05.20
CP-8050 MASTER MODULE versions prior to CPCI85 V05.20

Description

A flaw has been identified in the network configuration service of affected devices. It relates to the conversion of IPv4 addresses and could lead to an uninitialized variable being used in succeeding validation steps. This issue allows an authenticated remote attacker to inject commands that are executed on the device with root privileges during device startup by uploading a specially crafted network configuration.

Recommendations

For CP-8031 MASTER MODULE versions prior to CPCI85 V05.20, update to version CPCI85 V05.20 or later to resolve the issue. For CP-8050 MASTER MODULE versions prior to CPCI85 V05.20, update to version CPCI85 V05.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the network configuration service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

BDU:2024-00346
CVE-2023-42797

Affected Products

Cp-8031 Master Module
Cp-8050 Master Module