Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for CSDJ -D by NEC Platforms, Ltd.

jvndb-2021-000014

Vulnerability from jvndb

Published

2021-02-15 15:52

Modified

2021-02-15 15:52

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Calsos CSDJ fails to restrict access permissions

Details

Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions (CWE-264), which may lead to an unauthorized user being able to view the historical data without access privileges. Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN87164507/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20653
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20653
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Platforms, Ltd.	CSDJ -A
	NEC Platforms, Ltd.	CSDJ -B
	NEC Platforms, Ltd.	CSDJ -D
	NEC Platforms, Ltd.	CSDJ -H

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000014.html",
  "dc:date": "2021-02-15T15:52+09:00",
  "dcterms:issued": "2021-02-15T15:52+09:00",
  "dcterms:modified": "2021-02-15T15:52+09:00",
  "description": "Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions (CWE-264), which may lead to an unauthorized user being able to view the historical data without access privileges.\r\n\r\nTakayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000014.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:necplatforms:calsos_csdj-a_firmware",
      "@product": "CSDJ -A",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdj-b_firmware",
      "@product": "CSDJ -B",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdj-d_firmware",
      "@product": "CSDJ -D",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdj-h_firmware",
      "@product": "CSDJ -H",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000014",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN87164507/index.html",
      "@id": "JVN#87164507",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20653",
      "@id": "CVE-2021-20653",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20653",
      "@id": "CVE-2021-20653",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Calsos CSDJ fails to restrict access permissions"
}