CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2012-5864 (GCVE-0-2012-5864)
Vulnerability from cvelistv5
Published
2012-11-23 11:00
Modified
2025-07-08 15:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
These Sinapsi devices
do not check if users that visit pages within the device have properly
authenticated. By directly visiting the pages within the device,
attackers can gain unauthorized access with administrative privileges.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sinapsi | eSolar |
Version: 0 < 2.0.2870_xxx_2.2.12 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21273",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/21273/"
},
{
"name": "sinapsi-sec-bypass(80203)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80203"
},
{
"name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sinapsitech.it/default.asp?active_page_id=78\u0026news_id=88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "eSolar",
"vendor": "Sinapsi",
"versions": [
{
"lessThan": "2.0.2870_xxx_2.2.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "eSolar DUO",
"vendor": "Sinapsi",
"versions": [
{
"lessThan": "2.0.2870_xxx_2.2.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "eSolar Light",
"vendor": "Sinapsi",
"versions": [
{
"lessThan": "2.0.2870_xxx_2.2.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Roberto Paleari and Ivan Speziale identified vulnerabilities and released proof-of-concept (exploit) code for the Sinapsi eSolar Light Photovoltaic System Monitor without coordination with Sinapsi or ICS-CERT."
}
],
"datePublic": "2012-09-11T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "These Sinapsi devices \ndo not check if users that visit pages within the device have properly \nauthenticated. By directly visiting the pages within the device, \nattackers can gain unauthorized access with administrative privileges."
}
],
"value": "These Sinapsi devices \ndo not check if users that visit pages within the device have properly \nauthenticated. By directly visiting the pages within the device, \nattackers can gain unauthorized access with administrative privileges."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:27:10.014Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "21273",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/21273/"
},
{
"name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
},
{
"name": "sinapsi-default-password(80200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sinapsitech.it/default.asp?active_page_id=78\u0026news_id=88"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sinapsi has developed a new firmware version 2.0.2870_2.2.12 that \nmitigates these vulnerabilities. Sinapsi released the new firmware on \nMonday, November 19, 2012 directly to the devices. Users will be able to\n manually download the firmware on their device by using the Firmware \nUpdate function in the System Menu in the device\u2019s Web interface. \nSinapsi has also posted a security newsletter to its \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.sinapsitech.it/default.asp?active_page_id=78\u0026amp;news_id=88\"\u003epublic Web site\u003c/a\u003e\u0026nbsp;.\u003cp\u003eOther affected vendors have been notified by Sinapsi and ICS-CERT, \nbut the availability of new firmware upgrades are unknown by ICS-CERT at\n this time.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Sinapsi has developed a new firmware version 2.0.2870_2.2.12 that \nmitigates these vulnerabilities. Sinapsi released the new firmware on \nMonday, November 19, 2012 directly to the devices. Users will be able to\n manually download the firmware on their device by using the Firmware \nUpdate function in the System Menu in the device\u2019s Web interface. \nSinapsi has also posted a security newsletter to its public Web site http://www.sinapsitech.it/default.asp \u00a0.Other affected vendors have been notified by Sinapsi and ICS-CERT, \nbut the availability of new firmware upgrades are unknown by ICS-CERT at\n this time."
}
],
"source": {
"advisory": "ICSA-12-325-01",
"discovery": "EXTERNAL"
},
"title": "Sinapsi eSolar Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-5862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21273",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/21273/"
},
{
"name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
},
{
"name": "sinapsi-default-password(80200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
},
{
"name": "http://www.sinapsitech.it/default.asp?active_page_id=78\u0026news_id=88",
"refsource": "CONFIRM",
"url": "http://www.sinapsitech.it/default.asp?active_page_id=78\u0026news_id=88"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-5864",
"datePublished": "2012-11-23T11:00:00",
"dateReserved": "2012-11-14T00:00:00",
"dateUpdated": "2025-07-08T15:27:10.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6437 (GCVE-0-2012-6437)
Vulnerability from cvelistv5
Published
2013-01-24 21:00
Modified
2025-06-30 22:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules |
Version: All |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CompactLogix L32E and L35E controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1788-ENBT FLEXLogix adapter",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1794-AENTR FLEX I/O EtherNet/IP adapter",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CompactLogix and SoftLogix controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix and GuardLogix controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroLogix",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1100"
},
{
"status": "affected",
"version": "1400"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rub\u00e9n Santamarta of IOActive identified vulnerabilities in Rockwell Automation\u2019s ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices.\n\n\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400"
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T22:05:18.667Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156"
},
{
"url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ."
}
],
"source": {
"advisory": "ICSA-13-011-03",
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ControlLogix PLC Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eTo mitigate the vulnerability with the Web server password authentication mechanism:\u003c/p\u003e\u003col\u003e\u003cli\u003eUpgrade the MicroLogix 1400 firmware to FRN 12 or higher.\u003c/li\u003e\u003cli\u003eBecause of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\u003c/li\u003e\u003cli\u003eWhere possible, disable the Web server and change all default Administrator and Guest passwords.\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as:\u003col\u003e\u003cli\u003eWhen a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes.\u003c/li\u003e\u003cli\u003eWhen a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\n\n\n\n\nTo mitigate the vulnerability with the Web server password authentication mechanism:\n\n * Upgrade the MicroLogix 1400 firmware to FRN 12 or higher.\n * Because of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\n * Where possible, disable the Web server and change all default Administrator and Guest passwords.\n * If Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as: * When a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes.\n * When a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\n\n * If Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-6437",
"datePublished": "2013-01-24T21:00:00Z",
"dateReserved": "2012-12-26T00:00:00Z",
"dateUpdated": "2025-06-30T22:05:18.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6440 (GCVE-0-2012-6440)
Vulnerability from cvelistv5
Published
2013-01-24 21:00
Modified
2025-06-30 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information.
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | 1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules |
Version: All |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CompactLogix L32E and L35E controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1788-ENBT FLEXLogix adapter",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1794-AENTR FLEX I/O EtherNet/IP adapter",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CompactLogix and SoftLogix controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix and GuardLogix controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroLogix",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "1100"
},
{
"status": "affected",
"version": "1400"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability was discovered by Rockwell Automation engineers as they were investigating other vulnerabilities reported at the Digital Bond S4 2012 Conference."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product\u2019s Web server to view and alter product configuration and diagnostics information.\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product\u2019s Web server to view and alter product configuration and diagnostics information.\n\n\n\nRockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400"
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T22:03:01.214Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156"
},
{
"url": "http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccording to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\u003c/p\u003e\u003cp\u003eTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470155\u003c/a\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/aid/470156\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information on security with Rockwell Automation products, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell\u2019s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ."
}
],
"source": {
"advisory": "ICSA-13-011-03",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation ControlLogix PLC Improper Input Validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eTo mitigate the vulnerability with the Web server password authentication mechanism:\u003c/p\u003e\u003col\u003e\u003cli\u003eUpgrade the MicroLogix 1400 firmware to FRN 12 or higher.\u003c/li\u003e\u003cli\u003eBecause of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\u003c/li\u003e\u003cli\u003eWhere possible, disable the Web server and change all default Administrator and Guest passwords.\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as:\u003col\u003e\u003cli\u003eWhen a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes.\u003c/li\u003e\u003cli\u003eWhen a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\u003cli\u003eIf Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\u003c/p\u003e\u003col\u003e\u003cli\u003eEmploy layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ab.com/networks/architectures.html\"\u003ehttp://www.ab.com/networks/architectures.html\u003c/a\u003e for comprehensive information about implementing validated architectures designed to deliver these measures.\u003c/li\u003e\u003cli\u003eRestrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\u003c/li\u003e\u003cli\u003eEmploy firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\u003c/li\u003e\u003cli\u003eUse up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\u003c/li\u003e\u003cli\u003eMake sure that software and control system device firmware is patched to current releases.\u003c/li\u003e\u003cli\u003ePeriodically change passwords in control system components and infrastructure devices.\u003c/li\u003e\u003cli\u003eWhere applicable, set the controller key-switch/mode-switch to RUN mode.\u003c/li\u003e\u003c/ol\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor more information on security with Rockwell Automation products, please refer to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003eRockwell\u2019s Security Advisory Index\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.\n\n\n\n\n\nTo mitigate the vulnerability with the Web server password authentication mechanism:\n\n * Upgrade the MicroLogix 1400 firmware to FRN 12 or higher.\n * Because of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise.\n * Where possible, disable the Web server and change all default Administrator and Guest passwords.\n * If Web server functionality is needed, then Rockwell recommends upgrading the product\u2019s firmware to the most current version to have the newest enhanced protections available such as: * When a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes.\n * When a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout.\n\n * If Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change\nIn addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices:\n\n * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.\n * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.\n * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.\n * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets.\n * Make sure that software and control system device firmware is patched to current releases.\n * Periodically change passwords in control system components and infrastructure devices.\n * Where applicable, set the controller key-switch/mode-switch to RUN mode.\n\n\n\n\nFor more information on security with Rockwell Automation products, please refer to Rockwell\u2019s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-6440",
"datePublished": "2013-01-24T21:00:00Z",
"dateReserved": "2012-12-26T00:00:00Z",
"dateUpdated": "2025-06-30T22:03:01.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0760 (GCVE-0-2014-0760)
Vulnerability from cvelistv5
Published
2014-04-25 01:00
Modified
2025-07-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1
Modular Controller with CoDeSys and SoftMotion provide an undocumented
access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application
crash) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Festo | CECX-X-C1 Modular Master Controller with CoDeSys |
Version: all |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CECX-X-C1 Modular Master Controller with CoDeSys",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo\u2019s CECX-X-C1 and CECX-X-M1 controllers."
}
],
"datePublic": "2014-04-24T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1\n Modular Controller with CoDeSys and SoftMotion provide an undocumented \naccess method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application \ncrash) via unspecified vectors.\n\n\u003c/p\u003e"
}
],
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1\n Modular Controller with CoDeSys and SoftMotion provide an undocumented \naccess method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application \ncrash) via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T20:29:50.796Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
}
],
"source": {
"advisory": "ICSA-14-084-01",
"discovery": "EXTERNAL"
},
"title": "Festo CECX-X-(C1/M1) Controller Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFesto has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u0026nbsp;Some of these compensating measures can be:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\u003c/li\u003e\n\u003cli\u003eLocate control system networks and remote devices behind firewalls, and isolate them from the business network.\u003c/li\u003e\n\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\u003c/li\u003e\n\u003cli\u003eInvestigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\u003c/li\u003e\n\u003cli\u003eConfigure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Festo has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u00a0Some of these compensating measures can be:\n\n\n\n * Minimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\n\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n\n * When remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\n\n * Investigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\n\n * Configure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0760",
"datePublished": "2014-04-25T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-07-02T20:29:50.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0769 (GCVE-0-2014-0769)
Vulnerability from cvelistv5
Published
2014-04-25 01:00
Modified
2025-07-02 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Festo | CECX-X-C1 Modular Master Controller with CoDeSys |
Version: all |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CECX-X-C1 Modular Master Controller with CoDeSys",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo\u2019s CECX-X-C1 and CECX-X-M1 controllers."
}
],
"datePublic": "2014-04-24T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.\u003c/p\u003e"
}
],
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T20:26:44.615Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
}
],
"source": {
"advisory": "ICSA-14-084-01",
"discovery": "EXTERNAL"
},
"title": "Festo CECX-X-(C1/M1) Controller Improper Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFesto has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u0026nbsp;Some of these compensating measures can be:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\u003c/li\u003e\n\u003cli\u003eLocate control system networks and remote devices behind firewalls, and isolate them from the business network.\u003c/li\u003e\n\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\u003c/li\u003e\n\u003cli\u003eInvestigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\u003c/li\u003e\n\u003cli\u003eConfigure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Festo has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u00a0Some of these compensating measures can be:\n\n\n\n * Minimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\n\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n\n * When remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\n\n * Investigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\n\n * Configure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0769",
"datePublished": "2014-04-25T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-07-02T20:26:44.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5412 (GCVE-0-2014-5412)
Vulnerability from cvelistv5
Published
2014-09-18 10:00
Modified
2025-11-04 22:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric | ClearSCADA |
Version: 2010 R3 (build 72.4560) Version: 2010 R3.1 (build 72.4644) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2010 R3 (build 72.4560)"
},
{
"status": "affected",
"version": "2010 R3.1 (build 72.4644)"
},
{
"status": "unaffected",
"version": "2010 R3.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SCADA Expert ClearSCADA",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2013 R1 (build 73.4729)"
},
{
"status": "affected",
"version": "2013 R1.1 (build 73.4832)"
},
{
"status": "affected",
"version": "2013 R1.1a (build 73.4903)"
},
{
"status": "affected",
"version": "2013 R1.2 (build 73.4955)"
},
{
"status": "affected",
"version": "2013 R2 (build 74.5094)"
},
{
"status": "affected",
"version": "2013 R2.1 (build 74.5192)"
},
{
"status": "affected",
"version": "2014 R1 (build 75.5210)"
},
{
"status": "unaffected",
"version": "2014 R1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aditya Sood"
}
],
"datePublic": "2014-09-16T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"value": "Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T22:56:12.970Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-259-01a"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-259-01a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSchneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\u003c/p\u003e\n\u003cp\u003eExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\u003c/p\u003e\n\u003cp\u003eSchneider Electric has corrected these vulnerabilities in the following service packs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eClearSCADA 2010 R3.2, Released October 2014, and\u003c/li\u003e\n\u003cli\u003eSCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update...\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNew Service packs for ClearSCADA are available for download here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\"\u003ehttp://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Schneider Electric advises all ClearSCADA users to take steps to \nsecure the interfaces to the ClearSCADA system. The ClearSCADA database \nsecurity configuration should be reviewed and updated to limit all \nsystem access to authorized users only. The access permissions of \nexisting users should be reduced to only those required by their role \n(e.g., removing any higher level System Administration privileges from \nOperations or Engineering users), and specific accounts should be \ncreated with appropriate permissions for performing System \nAdministration tasks.\n\n\nExisting ClearSCADA customers using WebX can protect their system \nfrom cross-site scripting attacks by disabling the \u201cAllow database \nshutdown via WebX\u201d option within the ClearSCADA Server Configuration \nutility.\n\n\nExisting ClearSCADA customers should take measures to ensure their \nsystem does not grant any system access until users have supplied a \nvalid username and password.\n\n\nSchneider Electric has corrected the default user security \npermissions; however, upgrading an existing vulnerable installation to a\n new version will not affect existing configured database security \npermissions. Therefore, the measures suggested here are strongly \nrecommended for all users.\n\n\nSchneider Electric has corrected these vulnerabilities in the following service packs:\n\n\n\n * ClearSCADA 2010 R3.2, Released October 2014, and\n\n * SCADA Expert ClearSCADA 2014 R1.1, Released October 2014.\n\n\n\n\nIf asset owners wish to upgrade to a new ClearSCADA Service Pack, \nplease contact the local Schneider Electric office for the latest \nsoftware version for ClearSCADA; alternatively, these new versions are \navailable for direct download from the Schneider Electric web site. To \nupdate their license (not required when upgrading to a service pack of \nthe same version), asset owners are required to complete and submit an \nonline form, which is available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update... http://resourcecenter.controlmicrosystems.com/display/CS/StruxureWare+SCADA+Expert+ClearSCADA+Update+Request+Form \n\n\nNew Service packs for ClearSCADA are available for download here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/SCADA+Expert+ClearSCADA+Support \n\n\nGeneral instructions on how to upgrade the ClearSCADA license (if required) are available here:\n\n\n http://resourcecenter.controlmicrosystems.com/display/CS/Updating+Your+ClearSCADA+License"
}
],
"source": {
"advisory": "ICSA-14-259-01",
"discovery": "EXTERNAL"
},
"title": "Schneider Electric SCADA Expert ClearSCADA Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-259-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5412",
"datePublished": "2014-09-18T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T22:56:12.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-3167 (GCVE-0-2017-3167)
Vulnerability from cvelistv5
Published
2017-06-20 01:00
Modified
2025-11-04 16:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Authentication Bypass ()
Summary
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: 2.2.0 to 2.2.32 Version: 2.4.0 to 2.4.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:09:10.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208221"
},
{
"name": "RHSA-2017:2479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2479"
},
{
"name": "RHSA-2017:2483",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nomachine.com/SU08O00185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us"
},
{
"name": "RHSA-2017:3475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "99135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99135"
},
{
"name": "RHSA-2017:3195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E"
},
{
"name": "RHSA-2017:3477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "DSA-3896",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3896"
},
{
"name": "RHSA-2017:3194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name": "RHSA-2017:3193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "1038711",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038711"
},
{
"name": "GLSA-201710-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "RHSA-2017:2478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2478"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.2.0 to 2.2.32"
},
{
"status": "affected",
"version": "2.4.0 to 2.4.25"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Authentication Bypass (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:12:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208221"
},
{
"name": "RHSA-2017:2479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2479"
},
{
"name": "RHSA-2017:2483",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nomachine.com/SU08O00185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us"
},
{
"name": "RHSA-2017:3475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "99135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99135"
},
{
"name": "RHSA-2017:3195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E"
},
{
"name": "RHSA-2017:3477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "DSA-3896",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3896"
},
{
"name": "RHSA-2017:3194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name": "RHSA-2017:3193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "1038711",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038711"
},
{
"name": "GLSA-201710-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "RHSA-2017:2478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2478"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-3167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.2.0 to 2.2.32"
},
{
"version_value": "2.4.0 to 2.4.25"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass (CWE-287)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "RHSA-2017:2479",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2479"
},
{
"name": "RHSA-2017:2483",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2483"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0002/"
},
{
"name": "https://www.nomachine.com/SU08O00185",
"refsource": "CONFIRM",
"url": "https://www.nomachine.com/SU08O00185"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us"
},
{
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "99135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99135"
},
{
"name": "RHSA-2017:3195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E"
},
{
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "DSA-3896",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3896"
},
{
"name": "RHSA-2017:3194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "1038711",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038711"
},
{
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "RHSA-2017:2478",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2478"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-3167",
"datePublished": "2017-06-20T01:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:09:10.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-22893 (GCVE-0-2021-22893)
Vulnerability from cvelistv5
Published
2021-04-23 16:29
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication - Generic ()
Summary
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Pulse Connect Secure |
Version: PCS 9.0R3 or above, PCS 9.1R1 and above |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:24.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/213092"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/213092"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22893",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T21:35:28.790735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:48.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22893"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-22893 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pulse Connect Secure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCS 9.0R3 or above, PCS 9.1R1 and above"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication - Generic (CWE-287)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T16:29:43.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/213092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pulse Connect Secure",
"version": {
"version_data": [
{
"version_value": "PCS 9.0R3 or above, PCS 9.1R1 and above"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication - Generic (CWE-287)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/"
},
{
"name": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/",
"refsource": "MISC",
"url": "https://blog.pulsesecure.net/pulse-connect-secure-security-update/"
},
{
"name": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html",
"refsource": "MISC",
"url": "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
},
{
"name": "https://kb.cert.org/vuls/id/213092",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/213092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22893",
"datePublished": "2021-04-23T16:29:43.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:48.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32648 (GCVE-0-2021-32648)
Vulnerability from cvelistv5
Published
2021-08-26 19:00
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| octobercms | october |
Version: >= 1.0.471, < 1.0.472 Version: >= 1.1.1, < 1.1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32648",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:37:19.296739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-01-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-32648"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:36.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-32648"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-01-18T00:00:00+00:00",
"value": "CVE-2021-32648 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "october",
"vendor": "octobercms",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.471, \u003c 1.0.472"
},
{
"status": "affected",
"version": "\u003e= 1.1.1, \u003c 1.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-26T19:00:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9"
}
],
"source": {
"advisory": "GHSA-mxr5-mc97-63rc",
"discovery": "UNKNOWN"
},
"title": "Account Takeover in Octobercms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32648",
"STATE": "PUBLIC",
"TITLE": "Account Takeover in Octobercms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "october",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0.471, \u003c 1.0.472"
},
{
"version_value": "\u003e= 1.1.1, \u003c 1.1.5"
}
]
}
}
]
},
"vendor_name": "octobercms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc"
},
{
"name": "https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374",
"refsource": "MISC",
"url": "https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374"
},
{
"name": "https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9",
"refsource": "MISC",
"url": "https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9"
}
]
},
"source": {
"advisory": "GHSA-mxr5-mc97-63rc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32648",
"datePublished": "2021-08-26T19:00:12.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:36.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3652 (GCVE-0-2021-3652)
Vulnerability from cvelistv5
Published
2022-04-18 00:00
Modified
2025-11-03 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 389-ds-base |
Version: 389-ds-base 2.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:33:48.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/389ds/389-ds-base/issues/4817"
},
{
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "389-ds-base 2.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782"
},
{
"url": "https://github.com/389ds/389-ds-base/issues/4817"
},
{
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3652",
"datePublished": "2022-04-18T00:00:00.000Z",
"dateReserved": "2021-07-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:33:48.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.