Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cp\-8022_master_module_with_gprs_firmware
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-11 | CVE-2021-45033 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. | Cp\-8000_master_module_with_i\/o_\-25\/\+70_firmware, Cp\-8000_master_module_with_i\/o_\-40\/\+70_firmware, Cp\-8021_master_module_firmware, Cp\-8022_master_module_with_gprs_firmware | 8.8 | ||
| 2022-01-11 | CVE-2021-45034 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | Cp\-8000_master_module_with_i\/o_\-25\/\+70_firmware, Cp\-8000_master_module_with_i\/o_\-40\/\+70_firmware, Cp\-8021_master_module_firmware, Cp\-8022_master_module_with_gprs_firmware | 7.5 | ||
| 2022-08-10 | CVE-2021-46304 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. | Cp\-8000_master_module_with_i\/o_\-25\/\+70_firmware, Cp\-8000_master_module_with_i\/o_\-40\/\+70_firmware, Cp\-8021_master_module_firmware, Cp\-8022_master_module_with_gprs_firmware | 7.5 |