CVE-2021-38485

EPSS 0.22%
Veröffentlicht 22.10.2021 14:15:08
Zuletzt bearbeitet 21.11.2024 06:17:13
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emerson ≫ Wireless 1410 Gateway Firmware Version < 4.7.94

Emerson ≫ Wireless 1410 Gateway

Emerson ≫ Wireless 1410d Gateway Firmware Version < 4.7.94

Emerson ≫ Wireless 1410d Gateway

Emerson ≫ Wireless 1420 Gateway Firmware Version < 4.7.94

Emerson ≫ Wireless 1420 Gateway Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
ics-cert@hq.dhs.gov	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02

Patch

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-38485

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38485

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38485

EUVD