CVE-2023-0321

Published: 26 Jan 2023
Source: nvd
CVSS3: 9.1
EPSS: Low

Description

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

Vulnerable configurations

Configuration 1

All of

cpe:2.3:o:campbellsci:cr6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:campbellsci:cr6:-:*:*:*:*:*:*:*
Configuration 2

All of

cpe:2.3:o:campbellsci:cr300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:campbellsci:cr300:-:*:*:*:*:*:*:*
Configuration 3

All of

cpe:2.3:o:campbellsci:cr800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:campbellsci:cr800:-:*:*:*:*:*:*:*
Configuration 4

All of

cpe:2.3:o:campbellsci:cr1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:campbellsci:cr1000:-:*:*:*:*:*:*:*
Configuration 5

All of

cpe:2.3:o:campbellsci:cr3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:campbellsci:cr3000:-:*:*:*:*:*:*:*

EPSS

Percentile: 56%
0.00335
Low

9.1 Critical

CVSS3

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 9.1
github
about 3 years ago

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

EPSS

Percentile: 56%
0.00335
Low

9.1 Critical

CVSS3

Weaknesses

CWE-200