CVE-2021-45033

2022-01-1111:27:17

CWE-798

siemens

www.cve.org

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.

CNA Affected

[
  {
    "product": "CP-8000 MASTER MODULE WITH I/O -25/+70°C",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16.20"
      }
    ]
  },
  {
    "product": "CP-8000 MASTER MODULE WITH I/O -40/+70°C",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16.20"
      }
    ]
  },
  {
    "product": "CP-8021 MASTER MODULE",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16.20"
      }
    ]
  },
  {
    "product": "CP-8022 MASTER MODULE WITH GPRS",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V16.20"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf