CVE-2021-33842

EPSS 0.12%
Veröffentlicht 09.06.2021 12:15:07
Zuletzt bearbeitet 21.11.2024 06:09:40
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Circutor ≫ Sge-plc1000 Firmware Version0.9.2b

Circutor ≫ Sge-plc1000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.308

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.7	5.1	10	AV:A/AC:L/Au:S/C:C/I:C/A:C
cve-coordination@incibe.es	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

https://nvd.nist.gov/vuln/detail/CVE-2021-33842

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33842

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33842

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-33842