CVE-2021-32926

EPSS 0.1%
Veröffentlicht 03.06.2021 13:15:07
Zuletzt bearbeitet 21.11.2024 06:07:56
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Micro800 Firmware

Rockwellautomation ≫ Micro800 Version-

Rockwellautomation ≫ Micrologix 1400 Firmware Version >= 21.0

Rockwellautomation ≫ Micrologix 1400 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.273

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-32926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32926

EUVD