8.8
CVE-2021-45033
- EPSS 0.28%
- Veröffentlicht 11.01.2022 12:15:10
- Zuletzt bearbeitet 21.11.2024 06:31:50
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Cp-8000 Master Module With I/o -25/+70 Firmware Version < 16.20
Siemens ≫ Cp-8000 Master Module With I/o -40/+70 Firmware Version < 16.20
Siemens ≫ Cp-8021 Master Module Firmware Version < 16.20
Siemens ≫ Cp-8022 Master Module With Gprs Firmware Version < 16.20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.513 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.5 | 6.8 | 10 |
AV:N/AC:M/Au:S/C:C/I:C/A:C
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.