Hardcoded credentials

2022-01-1112:15:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.

CPENameOperatorVersion
cp-8000_master_module_with_i\\/o_-25\\/\\+70_firmwarelt16.20
cp-8000_master_module_with_i\\/o_-40\\/\\+70_firmwarelt16.20
cp-8021_master_module_firmwarelt16.20
cp-8022_master_module_with_gprs_firmwarelt16.20

Name	Operator	Version
cp-8000_master_module_with_i\\/o_-25\\/\\+70_firmware	lt	16.20
cp-8000_master_module_with_i\\/o_-40\\/\\+70_firmware	lt	16.20
cp-8021_master_module_firmware	lt	16.20
cp-8022_master_module_with_gprs_firmware	lt	16.20

References

cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf