CVE-2021-45034

Public Exploit

Description

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf	patch vendor advisory
http://seclists.org/fulldisclosure/2022/Apr/20	mailing list third party advisory exploit
http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html	third party advisory vdb entry exploit

Frequently Asked Questions

What is the severity of CVE-2021-45034?: CVE-2021-45034 has been scored as a high severity vulnerability.
How to fix CVE-2021-45034?: To fix CVE-2021-45034, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-45034 being actively exploited in the wild?: It is possible that CVE-2021-45034 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-45034?: CVE-2021-45034 affects Siemens CP-8000 MASTER MODULE WITH I/O -25/+70°C, Siemens CP-8000 MASTER MODULE WITH I/O -40/+70°C, Siemens CP-8021 MASTER MODULE, Siemens CP-8022 MASTER MODULE WITH GPRS.

Description

Categories

CWE-284 – Improper Access Control

CWE-532 – Insertion of Sensitive Information into Log File

References

Frequently Asked Questions