Unrated severityNVD Advisory· Published Jan 25, 2023· Updated Mar 27, 2025

Disclosure of Sensitive Information on Campbell Scientific Products

CVE-2023-0321

Description

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

Affected products

Campbell Scientific/Cr6v5
Range: all version
Campbell Scientific/Cr800v5
Range: all version

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hackplayers.com/2023/01/cve-2023-0321-info-sensible-campbell.htmlmitre
www.incibe-cert.es/en/early-warning/ics-advisories/disclosure-sensitive-information-campbell-scientific-productsmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000