CVE-2021-27481

EPSS 0.03%
Veröffentlicht 16.06.2021 12:15:12
Zuletzt bearbeitet 21.11.2024 05:58:04
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoll ≫ Defibrillator Dashboard Version < 2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.083

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27481

EUVD