var-202108-2252
Vulnerability from variot
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2252", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mypro", "scope": "lt", "trust": 1.0, "vendor": "myscada", "version": "8.20.0" }, { "model": "mypro", "scope": "eq", "trust": 0.8, "vendor": "myscada", "version": null }, { "model": "mypro", "scope": "eq", "trust": 0.8, "vendor": "myscada", "version": "v8.20.0 all previous s" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "NVD", "id": "CVE-2021-33005" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Michael Heinzl reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-512" } ], "trust": 0.6 }, "cve": "CVE-2021-33005", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-33005", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-33005", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2021-002267", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-33005", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-33005", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2021-002267", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202108-512", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "CNNVD", "id": "CNNVD-202108-512" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-33005" }, { "db": "NVD", "id": "CVE-2021-33005" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-33005" }, { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-33005" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-33005", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-21-217-03", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU94730303", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002267", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021080605", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2659", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-512", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-33005", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-33005" }, { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "CNNVD", "id": "CNNVD-202108-512" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-33005" } ] }, "id": "VAR-202108-2252", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.28945112 }, "last_update_date": "2024-08-14T12:56:39.861000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "VERSION\u00a08.20.0\u00a0RELEASED", "trust": 0.8, "url": "https://www.myscada.org/version-8-20-0-released-security-update/" }, { "title": "mySCADA myPRO Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159496" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "CNNVD", "id": "CNNVD-202108-512" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 }, { "problemtype": "Path traversal (CWE-22) [ others ]", "trust": 0.8 }, { "problemtype": " Inappropriate access control (CWE-284) [ others ]", "trust": 0.8 }, { "problemtype": " Unlimited uploads of dangerous types of files (CWE-434) [ others ]", "trust": 0.8 }, { "problemtype": " Information disclosure through directory listings (CWE-548) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "NVD", "id": "CVE-2021-33005" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03" }, { "trust": 1.7, "url": "https://www.myscada.org/version-8-20-0-released-security-update" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu94730303" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27505" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33005" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33009" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33013" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-33005/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021080605" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2659" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-33005" }, { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "CNNVD", "id": "CNNVD-202108-512" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-33005" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-33005" }, { "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "db": "CNNVD", "id": "CNNVD-202108-512" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-33005" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2021-33005" }, { "date": "2021-08-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "date": "2021-08-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-512" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-05-13T16:15:07.950000", "db": "NVD", "id": "CVE-2021-33005" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "VULMON", "id": "CVE-2021-33005" }, { "date": "2024-06-20T02:08:00", "db": "JVNDB", "id": "JVNDB-2021-002267" }, { "date": "2022-05-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-512" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-05-24T20:41:52.433000", "db": "NVD", "id": "CVE-2021-33005" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-512" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "mySCADA\u00a0 Made \u00a0myPRO\u00a0 Multiple vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002267" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-512" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.