CVE-2023-0321

Public Exploit
Disclosure of Sensitive Information on Campbell Scientific Products

Description

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

Remediation

Workaround:

  • HTTP can be disabled or secured through username/password, and Pakbus can be secured through the use of PakBus encryption key and/or PakBus/TCP password. Campbell Scientific offers a guide with instructions to maximize the security of all Internet connectivity of the affected devices (see more in the references).

Category

9.1
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.25%
Third-Party Advisory hackplayers.com Third-Party Advisory incibe-cert.es
Affected: Campbell Scientific CR6
Affected: Campbell Scientific CR300
Affected: Campbell Scientific CR800
Affected: Campbell Scientific CR1000
Affected: Campbell Scientific CR3000
Published at:
Updated at:

References

Link Tags
https://www.incibe-cert.es/en/early-warning/ics-advisories/disclosure-sensitive-information-campbell-scientific-products mitigation third party advisory
https://www.hackplayers.com/2023/01/cve-2023-0321-info-sensible-campbell.html third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2023-0321?
CVE-2023-0321 has been scored as a critical severity vulnerability.
How to fix CVE-2023-0321?
As a workaround for remediating CVE-2023-0321: HTTP can be disabled or secured through username/password, and Pakbus can be secured through the use of PakBus encryption key and/or PakBus/TCP password. Campbell Scientific offers a guide with instructions to maximize the security of all Internet connectivity of the affected devices (see more in the references).
Is CVE-2023-0321 being actively exploited in the wild?
It is possible that CVE-2023-0321 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-0321?
CVE-2023-0321 affects Campbell Scientific CR6, Campbell Scientific CR300, Campbell Scientific CR800, Campbell Scientific CR1000, Campbell Scientific CR3000.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.