CVE-2023-0321 CRITICAL

CVE-2023-0321: Disclosure of Sensitive Information on Campbell Scientific Products

Vendor Campbell Scientific

Product CR6

Weakness CWE-200 · Info exposure

Published January 25, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

Key dates

02Disclosure timeline

January 25, 2023 CVE published

March 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0321 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0321

CWE CWE-200

CVSS 9.1 / CRITICAL

Affected versions

Vendor Campbell Scientific

Product CR6

Affected all version

Vendor Campbell Scientific

Product CR300

Affected all version

Vendor Campbell Scientific

Product CR800

Affected all version

Vendor Campbell Scientific

Product CR1000

Affected all version

Vendor Campbell Scientific

Product CR3000

Affected all version

CVE-2023-0321: Disclosure of Sensitive Information on Campbell Scientific Products

01Description

02Disclosure timeline

03References

04Related CVE