Protect Your Campbell Scientific Datalogger from Remote Configuration File Access

CVECVE-2023-0321
CVSScvssV3_1: 9.1
SourceCVE-2023-0321

Campbell Scientific dataloggers are devices used for remote monitoring and data collection. However, a vulnerability has been discovered that could allow unauthorized access to configuration files on some of their datalogger models.

The vulnerability affects the CR6, CR300, CR800, CR1000 and CR3000 dataloggers. By default, these devices have HTTP and PakBus enabled, which allows remote access to download, modify and upload configuration files. An attacker could potentially exploit this to access sensitive internal network information contained within the configuration files.

So how does this work? With the default settings, an attacker would only need to know the IP address or hostname of the affected datalogger. They could then use the PakBus port to download copies of the configuration files containing details of the monitored sensors and any WiFi or internal network settings.

To protect yourself, it is recommended to change the default credentials on your Campbell Scientific dataloggers and disable unnecessary services like HTTP and PakBus if remote access is not needed. You should also consider using a firewall to restrict connections to only trusted systems. Taking some basic steps now can help prevent unauthorized access to your monitoring setup and sensitive site information.

References