### [CVE-2021-45034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45034)
![](https://img.shields.io/static/v1?label=Product&message=CP-8000%20MASTER%20MODULE%20WITH%20I%2FO%20-25%2F%2B70%C2%B0C&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CP-8000%20MASTER%20MODULE%20WITH%20I%2FO%20-40%2F%2B70%C2%B0C&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CP-8021%20MASTER%20MODULE&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CP-8022%20MASTER%20MODULE%20WITH%20GPRS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=All%20versions%20%3C%20V16.20%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brightgreen)

### Description

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

### POC

#### Reference
- http://packetstormsecurity.com/files/166743/Siemens-A8000-CP-8050-CP-8031-SICAM-WEB-Missing-File-Download-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2022/Apr/20

#### Github
No PoCs found on GitHub currently.