Vulnerabilities > CVE-2021-46304 - Unspecified vulnerability in Siemens products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

siemens

NVD

Published: 2022-08-10

Updated: 2023-07-21

Summary

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens CP 8021 Master Module Firmware * Siemens CP 8000 Master Module With I/O 25/+70 Firmware * Siemens CP 8000 Master Module With I/O 40/+70 Firmware * Siemens CP 8022 Master Module With Gprs Firmware *	4
Hardware	Siemens Siemens CP 8021 Master Module - Siemens CP 8000 Master Module With I/O 25/+70 - Siemens CP 8000 Master Module With I/O 40/+70 - Siemens CP 8022 Master Module With Gprs -	4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf