Common Weakness Enumeration

CWE-431

Allowed

Missing Handler

Abstraction: Base · Status: Draft

A handler is not available or implemented.

2 vulnerabilities reference this CWE, most recent first.

CVE-2021-40334 (GCVE-0-2021-40334)

Vulnerability from cvelistv5 – Published: 2021-12-02 18:28 – Updated: 2024-09-16 23:11
VLAI
Title
SSH activation problem in the proprietary management protocol (port TCP 5558)
Summary
Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
CWE
Assigner
References
Impacted products
Vendor Product Version
Hitachi Energy FOX61x Affected: R15A , < R15A (custom)
Create a notification for this product.
Hitachi Energy XCM20 Affected: R15A , < R15A (custom)
Create a notification for this product.
Date Public
2021-11-23 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FOX61x",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThan": "R15A",
              "status": "affected",
              "version": "R15A",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "XCM20",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThan": "R15A",
              "status": "affected",
              "version": "R15A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-431",
              "description": "CWE-431 Missing Handler",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-02T18:28:18.000Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Fixed in FOX61x R15A or XMC20 R15A"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SSH activation problem in the proprietary management protocol (port TCP 5558)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@hitachienergy.com",
          "DATE_PUBLIC": "2021-11-23T11:00:00.000Z",
          "ID": "CVE-2021-40334",
          "STATE": "PUBLIC",
          "TITLE": "SSH activation problem in the proprietary management protocol (port TCP 5558)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FOX61x",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "R15A",
                            "version_value": "R15A"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "XCM20",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "R15A",
                            "version_value": "R15A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hitachi Energy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-431 Missing Handler"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000062\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000069\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Fixed in FOX61x R15A or XMC20 R15A"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Recommended security practices and firewall configurations help protecting systems from attacks that originate from outside the network. Such practices include that network management systems and FOX61x or XMC20 networks are typically physically protected from direct access by unauthorized personnel and have no direct connections to the Internet, as well as are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2021-40334",
    "datePublished": "2021-12-02T18:28:18.525Z",
    "dateReserved": "2021-08-31T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:11:57.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-68C9-WP52-FPG7

Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-07-03 18:41
VLAI
Details

An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-431"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T18:15:15Z",
    "severity": "MODERATE"
  },
  "details": "An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox \u003c 126.",
  "id": "GHSA-68c9-wp52-fpg7",
  "modified": "2024-07-03T18:41:40Z",
  "published": "2024-05-14T18:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4775"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887332"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Handle all possible situations (e.g. error condition).

Mitigation
Implementation

If an operation can throw an Exception, implement a handler for that specific exception.

No CAPEC attack patterns related to this CWE.