Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveINCIBECVE-2023-0321
HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-0321

2023-01-2621:18:07
CWE-200
INCIBE
web.nvd.nist.gov
22
campbell scientific
dataloggers
cr6
cr300
cr800
cr1000
cr3000
vulnerability
unauthorized access
configuration files
http
pakbus
exploitation

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

Affected configurations

Nvd
Vulners
Node
campbellscicr6Match-
AND
campbellscicr6_firmware
Node
campbellscicr300Match-
AND
campbellscicr300_firmware
Node
campbellscicr800Match-
AND
campbellscicr800_firmware
Node
campbellscicr1000Match-
AND
campbellscicr1000_firmware
Node
campbellscicr3000Match-
AND
campbellscicr3000_firmware
VendorProductVersionCPE
campbellscicr6-cpe:2.3:h:campbellsci:cr6:-:*:*:*:*:*:*:*
campbellscicr6_firmware*cpe:2.3:o:campbellsci:cr6_firmware:*:*:*:*:*:*:*:*
campbellscicr300-cpe:2.3:h:campbellsci:cr300:-:*:*:*:*:*:*:*
campbellscicr300_firmware*cpe:2.3:o:campbellsci:cr300_firmware:*:*:*:*:*:*:*:*
campbellscicr800-cpe:2.3:h:campbellsci:cr800:-:*:*:*:*:*:*:*
campbellscicr800_firmware*cpe:2.3:o:campbellsci:cr800_firmware:*:*:*:*:*:*:*:*
campbellscicr1000-cpe:2.3:h:campbellsci:cr1000:-:*:*:*:*:*:*:*
campbellscicr1000_firmware*cpe:2.3:o:campbellsci:cr1000_firmware:*:*:*:*:*:*:*:*
campbellscicr3000-cpe:2.3:h:campbellsci:cr3000:-:*:*:*:*:*:*:*
campbellscicr3000_firmware*cpe:2.3:o:campbellsci:cr3000_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Campbell Scientific",
    "product": "CR6",
    "versions": [
      {
        "version": "all version",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Campbell Scientific",
    "product": "CR300",
    "versions": [
      {
        "version": "all version",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Campbell Scientific",
    "product": "CR800",
    "versions": [
      {
        "version": "all version",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Campbell Scientific",
    "product": "CR1000",
    "versions": [
      {
        "version": "all version",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Campbell Scientific",
    "product": "CR3000",
    "versions": [
      {
        "version": "all version",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
prion
prion
Default configuration
2023-01-26 21:18:00
nvd
nvd
CVE-2023-0321
2023-01-26 21:18:07
cvelist
cvelist
CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products
2023-01-25 00:00:00

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

49.3%

JSON
Related for CVE-2023-0321
prion1nvd1cvelist1