Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-01-25T00:00:00
Updated: 2024-08-02T05:10:55.177Z
Reserved: 2023-01-16T00:00:00
Link: CVE-2023-0321
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-26T21:18:07.143
Modified: 2024-11-21T07:36:58.030
Link: CVE-2023-0321
Redhat
No data.