cve-2021-33023
Vulnerability from cvelistv5
Published
2021-10-18 12:41
Modified
2024-09-17 03:49
Severity ?
EPSS score ?
Summary
Advantech WebAccess
References
▼ | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 | Mitigation, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 | Mitigation, Third Party Advisory, US Government Resource |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "lessThanOrEqual": "9.02", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Natnael Samson, @NattiSamson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA." } ], "datePublic": "2021-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "HEAP-BASED BUFFER OVERFLOW CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-18T12:41:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ], "solutions": [ { "lang": "en", "value": "In order to address the heap-based buffer overflow vulnerability, Advantech recommends users directly add the remote access code to avoid being attacked by unknown requests. This is the remote access code established during installation of the Advantech WebAccess SCADA software (SCADA node, project node, or OPC Service) on the OPC Server computer. The access code you enter here must match the remote access code established during installation on the OPC Server. This prevents unauthorized users from accessing the OPC Server data using the Advantech WebAccess SCADA OPC Service.\n\nIf you have forgotten the remote access code using during software installation on the OPC Server node, you have two options:\n\nRe-install the Advantech WebAccess SCADA software on the OPC Server node to change it and edit it to match in your database.\nEdit the BWSERVER.INI file on the OPC Server node and edit it to match in your database using UPDATE." } ], "source": { "advisory": "ICSA-21-285-02", "discovery": "UNKNOWN" }, "title": "Advantech WebAccess", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-10-12T19:15:00.000Z", "ID": "CVE-2021-33023", "STATE": "PUBLIC", "TITLE": "Advantech WebAccess" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "All", "version_value": "9.02" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "credit": [ { "lang": "eng", "value": "Natnael Samson, @NattiSamson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ] }, "solution": [ { "lang": "en", "value": "In order to address the heap-based buffer overflow vulnerability, Advantech recommends users directly add the remote access code to avoid being attacked by unknown requests. This is the remote access code established during installation of the Advantech WebAccess SCADA software (SCADA node, project node, or OPC Service) on the OPC Server computer. The access code you enter here must match the remote access code established during installation on the OPC Server. This prevents unauthorized users from accessing the OPC Server data using the Advantech WebAccess SCADA OPC Service.\n\nIf you have forgotten the remote access code using during software installation on the OPC Server node, you have two options:\n\nRe-install the Advantech WebAccess SCADA software on the OPC Server node to change it and edit it to match in your database.\nEdit the BWSERVER.INI file on the OPC Server node and edit it to match in your database using UPDATE." } ], "source": { "advisory": "ICSA-21-285-02", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-33023", "datePublished": "2021-10-18T12:41:08.470089Z", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-09-17T03:49:19.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-33023\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-10-18T13:15:09.437\",\"lastModified\":\"2024-11-21T06:08:08.777\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.\"},{\"lang\":\"es\",\"value\":\"Advantech WebAccess versiones 9.02 y anteriores, son vulnerables a un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria, que puede permitir a un atacante ejecutar c\u00f3digo de forma remota\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.2\",\"matchCriteriaId\":\"800E1EAB-1270-42C2-BECE-7110B4D3E9E2\"}]}]}],\"references\":[{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.