Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by PRIMION DIGITEK
CVE-2026-1523 (GCVE-0-2026-1523)
Vulnerability from nvd – Published: 2026-02-05 13:16 – Updated: 2026-02-05 14:29
VLAI
Title
Path Traversal in Digitek from Grupo Azkoyen
Summary
Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| PRIMION DIGITEK | Digitek ADT1100 |
Affected:
all versions
|
|
| PRIMION DIGITEK | Digitek DT950 |
Affected:
all versions
|
Date Public
2026-02-05 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:25:31.077276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:29:09.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Digitek ADT1100",
"vendor": "PRIMION DIGITEK",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digitek DT950",
"vendor": "PRIMION DIGITEK",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primion_digitek:digitek_adt1100:all_versions:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primion_digitek:digitek_dt950:all_versions:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00d3scar Atienza Vendrell"
}
],
"datePublic": "2026-02-05T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server\u0027s file system, thet is, \u0027http://\u0026lt;host\u0026gt;/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\u0027. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise."
}
],
"value": "Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server\u0027s file system, thet is, \u0027http://\u003chost\u003e/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\u0027. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T13:16:30.583Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-digitek-grupo-azkoyen"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed in the latest version of the affected products."
}
],
"value": "The vulnerability has been fixed in the latest version of the affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in Digitek from Grupo Azkoyen",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-1523",
"datePublished": "2026-02-05T13:16:30.583Z",
"dateReserved": "2026-01-28T10:54:43.233Z",
"dateUpdated": "2026-02-05T14:29:09.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3604 (GCVE-0-2021-3604)
Vulnerability from nvd – Published: 2021-06-18 14:14 – Updated: 2024-09-16 23:06
VLAI
Title
Primion-Digitek Secure 8 SQL injection vulnerability
Summary
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.
Severity
9.8 (Critical)
CWE
- CWE 89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.incibe-cert.es/en/early-warning/ics-a… | x_refsource_CONFIRM |
| http://titaniumaics.blogspot.com/2021/06/vulnerab… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Primion Digitek | Secure 8 (Evalos) |
Affected:
1.0.1.55
|
Date Public
2021-06-18 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Secure 8 (Evalos)",
"vendor": "Primion Digitek",
"versions": [
{
"status": "affected",
"version": "1.0.1.55"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ander Mart\u00ednez of Titanium Industrial Security."
}
],
"datePublic": "2021-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database."
}
],
"exploits": [
{
"lang": "en",
"value": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T14:14:47.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been solved by Primion-Digitek in Evalos8 3.3.5."
}
],
"source": {
"advisory": "INCIBE-2021-0243",
"discovery": "EXTERNAL"
},
"title": "Primion-Digitek Secure 8 SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-06-18T08:00:00.000Z",
"ID": "CVE-2021-3604",
"STATE": "PUBLIC",
"TITLE": "Primion-Digitek Secure 8 SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure 8 (Evalos)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.0.1.55",
"version_value": "1.0.1.55"
}
]
}
}
]
},
"vendor_name": "Primion Digitek"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ander Mart\u00ednez of Titanium Industrial Security."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database."
}
]
},
"exploit": [
{
"lang": "en",
"value": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability"
},
{
"name": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html",
"refsource": "CONFIRM",
"url": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved by Primion-Digitek in Evalos8 3.3.5."
}
],
"source": {
"advisory": "INCIBE-2021-0243",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3604",
"datePublished": "2021-06-18T14:14:47.260Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:31.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-1523 (GCVE-0-2026-1523)
Vulnerability from cvelistv5 – Published: 2026-02-05 13:16 – Updated: 2026-02-05 14:29
VLAI
Title
Path Traversal in Digitek from Grupo Azkoyen
Summary
Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/avis… | patch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| PRIMION DIGITEK | Digitek ADT1100 |
Affected:
all versions
|
|
| PRIMION DIGITEK | Digitek DT950 |
Affected:
all versions
|
Date Public
2026-02-05 11:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:25:31.077276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:29:09.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Digitek ADT1100",
"vendor": "PRIMION DIGITEK",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digitek DT950",
"vendor": "PRIMION DIGITEK",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primion_digitek:digitek_adt1100:all_versions:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primion_digitek:digitek_dt950:all_versions:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00d3scar Atienza Vendrell"
}
],
"datePublic": "2026-02-05T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server\u0027s file system, thet is, \u0027http://\u0026lt;host\u0026gt;/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\u0027. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise."
}
],
"value": "Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server\u0027s file system, thet is, \u0027http://\u003chost\u003e/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\u0027. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T13:16:30.583Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-digitek-grupo-azkoyen"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed in the latest version of the affected products."
}
],
"value": "The vulnerability has been fixed in the latest version of the affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in Digitek from Grupo Azkoyen",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-1523",
"datePublished": "2026-02-05T13:16:30.583Z",
"dateReserved": "2026-01-28T10:54:43.233Z",
"dateUpdated": "2026-02-05T14:29:09.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3604 (GCVE-0-2021-3604)
Vulnerability from cvelistv5 – Published: 2021-06-18 14:14 – Updated: 2024-09-16 23:06
VLAI
Title
Primion-Digitek Secure 8 SQL injection vulnerability
Summary
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.
Severity
9.8 (Critical)
CWE
- CWE 89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.incibe-cert.es/en/early-warning/ics-a… | x_refsource_CONFIRM |
| http://titaniumaics.blogspot.com/2021/06/vulnerab… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Primion Digitek | Secure 8 (Evalos) |
Affected:
1.0.1.55
|
Date Public
2021-06-18 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Secure 8 (Evalos)",
"vendor": "Primion Digitek",
"versions": [
{
"status": "affected",
"version": "1.0.1.55"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ander Mart\u00ednez of Titanium Industrial Security."
}
],
"datePublic": "2021-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database."
}
],
"exploits": [
{
"lang": "en",
"value": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T14:14:47.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been solved by Primion-Digitek in Evalos8 3.3.5."
}
],
"source": {
"advisory": "INCIBE-2021-0243",
"discovery": "EXTERNAL"
},
"title": "Primion-Digitek Secure 8 SQL injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-06-18T08:00:00.000Z",
"ID": "CVE-2021-3604",
"STATE": "PUBLIC",
"TITLE": "Primion-Digitek Secure 8 SQL injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Secure 8 (Evalos)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.0.1.55",
"version_value": "1.0.1.55"
}
]
}
}
]
},
"vendor_name": "Primion Digitek"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ander Mart\u00ednez of Titanium Industrial Security."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database."
}
]
},
"exploit": [
{
"lang": "en",
"value": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability"
},
{
"name": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html",
"refsource": "CONFIRM",
"url": "http://titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "This vulnerability has been solved by Primion-Digitek in Evalos8 3.3.5."
}
],
"source": {
"advisory": "INCIBE-2021-0243",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2021-3604",
"datePublished": "2021-06-18T14:14:47.260Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:31.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}