Search criteria
15 vulnerabilities found for Batch Management by AVEVA
CVE-2024-7113 (GCVE-0-2024-7113)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:26 – Updated: 2024-08-15 18:49
VLAI?
Title
Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server
Summary
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVEVA | SuiteLink Server |
Affected:
0 , ≤ 3.7.0
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
DOE CESER's CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T18:48:38.378253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T18:49:01.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuiteLink Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "3.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DOE CESER\u0027s CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:26:32.285Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eAll impacted products and affected versions can be fixed by installing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=afeb5492-f764-4af3-b408-acc4c991f699\"\u003eSuiteLink v3.7.100\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAVEVA recommends the following general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eApply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf\"\u003eAVEVA-2024-007\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\n\nAll impacted products and affected versions can be fixed by installing SuiteLink v3.7.100 https://softwaresupportsp.aveva.com/#/producthub/details .\n\nAVEVA recommends the following general defensive measures:\n\n * Apply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\n\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2024-007 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-7113",
"datePublished": "2024-08-13T16:26:32.285Z",
"dateReserved": "2024-07-25T17:56:01.265Z",
"dateUpdated": "2024-08-15T18:49:01.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34982 (GCVE-0-2023-34982)
Vulnerability from cvelistv5 – Published: 2023-11-15 16:28 – Updated: 2024-08-02 16:17
VLAI?
Title
AVEVA Operations Control Logger External Control of File Name or Path
Summary
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVEVA | SystemPlatform |
Affected:
0 , ≤ 2020 R2 SP1 P01
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemPlatform",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Licensing (formerly known as License Manager)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "3.7.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Manufacturing Execution System (formerly known as Wonderware MES)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Recipe Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 SP1 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge (formerly known as Indusoft Web Studio)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Worktasks (formerly known as Workflow Management)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 U2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Plant SCADA (formerly known as Citect)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telemetry Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"datePublic": "2023-11-14T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\u003c/span\u003e\n\n"
}
],
"value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T16:28:35.183Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eIn addition to applying security updates, users should follow these general precautions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure that Guest or Anonymous local OS accounts are disabled.\u003c/li\u003e\u003cli\u003eEnsure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA Security Bulletin number AVEVA-2023-003\u003c/a\u003e\u0026nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\"\u003eAlert 000038736.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Operations Control Logger External Control of File Name or Path ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-34982",
"datePublished": "2023-11-15T16:28:35.183Z",
"dateReserved": "2023-06-13T14:56:36.310Z",
"dateUpdated": "2024-08-02T16:17:04.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33873 (GCVE-0-2023-33873)
Vulnerability from cvelistv5 – Published: 2023-11-15 16:22 – Updated: 2024-11-21 20:10
VLAI?
Title
AVEVA Operations Control Logger Execution with Unnecessary Privileges
Summary
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVEVA | SystemPlatform |
Affected:
0 , ≤ 2020 R2 SP1 P01
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T20:09:45.775149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T20:10:00.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemPlatform",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Licensing (formerly known as License Manager)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "3.7.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Manufacturing Execution System (formerly known as Wonderware MES)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Recipe Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 SP1 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge (formerly known as Indusoft Web Studio)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Worktasks (formerly known as Workflow Management)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 U2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Plant SCADA (formerly known as Citect)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telemetry Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"datePublic": "2023-11-14T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\u003c/span\u003e\n\n"
}
],
"value": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T16:22:31.927Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eIn addition to applying security updates, users should follow these general precautions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure that Guest or Anonymous local OS accounts are disabled.\u003c/li\u003e\u003cli\u003eEnsure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA Security Bulletin number AVEVA-2023-003\u003c/a\u003e\u0026nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\"\u003eAlert 000038736.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Operations Control Logger Execution with Unnecessary Privileges ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-33873",
"datePublished": "2023-11-15T16:22:31.927Z",
"dateReserved": "2023-06-13T14:56:36.315Z",
"dateUpdated": "2024-11-21T20:10:00.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7113 (GCVE-0-2024-7113)
Vulnerability from nvd – Published: 2024-08-13 16:26 – Updated: 2024-08-15 18:49
VLAI?
Title
Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server
Summary
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVEVA | SuiteLink Server |
Affected:
0 , ≤ 3.7.0
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
DOE CESER's CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T18:48:38.378253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T18:49:01.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuiteLink Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "3.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023 R2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA",
"versions": [
{
"lessThanOrEqual": "2023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DOE CESER\u0027s CyTRICS program at Idaho National Laboratory reported this vulnerability to AVEVA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:26:32.285Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eAll impacted products and affected versions can be fixed by installing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/producthub/details?id=afeb5492-f764-4af3-b408-acc4c991f699\"\u003eSuiteLink v3.7.100\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAVEVA recommends the following general defensive measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eApply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see AVEVA\u0027s Security Bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf\"\u003eAVEVA-2024-007\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users with the affected product versions should apply security updates as soon as possible.\n\nAll impacted products and affected versions can be fixed by installing SuiteLink v3.7.100 https://softwaresupportsp.aveva.com/#/producthub/details .\n\nAVEVA recommends the following general defensive measures:\n\n * Apply Host and/or Network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.\n\n\nFor more information, see AVEVA\u0027s Security Bulletin AVEVA-2024-007 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-007.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-7113",
"datePublished": "2024-08-13T16:26:32.285Z",
"dateReserved": "2024-07-25T17:56:01.265Z",
"dateUpdated": "2024-08-15T18:49:01.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34982 (GCVE-0-2023-34982)
Vulnerability from nvd – Published: 2023-11-15 16:28 – Updated: 2024-08-02 16:17
VLAI?
Title
AVEVA Operations Control Logger External Control of File Name or Path
Summary
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVEVA | SystemPlatform |
Affected:
0 , ≤ 2020 R2 SP1 P01
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemPlatform",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Licensing (formerly known as License Manager)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "3.7.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Manufacturing Execution System (formerly known as Wonderware MES)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Recipe Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 SP1 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge (formerly known as Indusoft Web Studio)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Worktasks (formerly known as Workflow Management)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 U2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Plant SCADA (formerly known as Citect)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telemetry Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"datePublic": "2023-11-14T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\u003c/span\u003e\n\n"
}
],
"value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T16:28:35.183Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eIn addition to applying security updates, users should follow these general precautions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure that Guest or Anonymous local OS accounts are disabled.\u003c/li\u003e\u003cli\u003eEnsure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA Security Bulletin number AVEVA-2023-003\u003c/a\u003e\u0026nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\"\u003eAlert 000038736.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Operations Control Logger External Control of File Name or Path ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-34982",
"datePublished": "2023-11-15T16:28:35.183Z",
"dateReserved": "2023-06-13T14:56:36.310Z",
"dateUpdated": "2024-08-02T16:17:04.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33873 (GCVE-0-2023-33873)
Vulnerability from nvd – Published: 2023-11-15 16:22 – Updated: 2024-11-21 20:10
VLAI?
Title
AVEVA Operations Control Logger Execution with Unnecessary Privileges
Summary
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AVEVA | SystemPlatform |
Affected:
0 , ≤ 2020 R2 SP1 P01
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T20:09:45.775149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T20:10:00.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemPlatform",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Historian",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Application Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InTouch",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Licensing (formerly known as License Manager)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "3.7.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Manufacturing Execution System (formerly known as Wonderware MES)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Recipe Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 1 Patch 2 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Batch Management",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 SP1 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge (formerly known as Indusoft Web Studio)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1 P01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Worktasks (formerly known as Workflow Management)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 U2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Plant SCADA (formerly known as Citect)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 Update 15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Communication Drivers Pack",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telemetry Server",
"vendor": "AVEVA ",
"versions": [
{
"lessThanOrEqual": "2020 R2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"datePublic": "2023-11-14T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\u003c/span\u003e\n\n"
}
],
"value": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T16:22:31.927Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\u003c/p\u003e\u003cp\u003eIn addition to applying security updates, users should follow these general precautions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnsure that Guest or Anonymous local OS accounts are disabled.\u003c/li\u003e\u003cli\u003eEnsure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA Security Bulletin number AVEVA-2023-003\u003c/a\u003e\u0026nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.\u003c/p\u003e\u003cp\u003eAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\"\u003eAlert 000038736.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AVEVA Operations Control Logger Execution with Unnecessary Privileges ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-33873",
"datePublished": "2023-11-15T16:22:31.927Z",
"dateReserved": "2023-06-13T14:56:36.315Z",
"dateUpdated": "2024-11-21T20:10:00.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202109-1926
Vulnerability from variot - Updated: 2024-06-14 22:51AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. AVEVA Provided by the company PCS Portal teeth AVEVA A common framework for data exchange between nodes running the products. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1926",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "work tasks",
"scope": "eq",
"trust": 1.8,
"vendor": "aveva",
"version": "2020"
},
{
"model": "enterprise data management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.4.6"
},
{
"model": "mobile operator",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "batch management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.5.2"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.5.1"
},
{
"model": "manufacturing execution system",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "platform common services",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "4.5.0"
},
{
"model": "system platform",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "work tasks",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 update 1"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "enterprise data management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mobile operator",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "software platform common services",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "manufacturing execution system",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:platform_common_services:4.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:enterprise_data_management:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Noam Moshe of Claroty discovered and disclosed the vulnerability to the AVEVA Software Security Response Center.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
}
],
"trust": 0.6
},
"cve": "CVE-2021-38410",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-38410",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-38410",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002396",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-449",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. AVEVA Provided by the company PCS Portal teeth AVEVA A common framework for data exchange between nodes running the products. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "VULMON",
"id": "CVE-2021-38410"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-38410",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-252-01",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98046090",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3041",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-38410",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"id": "VAR-202109-1926",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.23076923
},
"last_update_date": "2024-06-14T22:51:34.762000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVEVA-2021-008 (( PDF )",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-008.pdf"
},
{
"title": "AVEVA System Platform Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=161910"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-01"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98046090/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38410"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-38410/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"date": "2021-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"date": "2022-07-27T21:15:08.523000",
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-38410"
},
{
"date": "2024-06-14T01:39:00",
"db": "JVNDB",
"id": "JVNDB-2021-002396"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-449"
},
{
"date": "2022-08-04T02:48:06.450000",
"db": "NVD",
"id": "CVE-2021-38410"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-449"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0PCS\u00a0Portal\u00a0 In \u00a0DLL\u00a0 Loading vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002396"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-202311-0501
Vulnerability from variot - Updated: 2024-01-18 22:52This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. batch management , communication drivers , edge etc. multiple AVEVA The product contains a vulnerability related to externally controllable references to cross-domain resources.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-0501",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "batch management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "communication drivers",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "batch management",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "enterprise licensing",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "3.7.002"
},
{
"model": "manufacturing execution system",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "mobile operator",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "plant scada",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "mobile operator",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "edge",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "20.1.101"
},
{
"model": "work tasks",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "manufacturing execution system",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "work tasks",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "intouch",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "intouch",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "recipe management",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "system platform",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "plant scada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "recipe management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "communication drivers",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "historian",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "historian",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "system platform",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "telemetry server",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020r2"
},
{
"model": "intouch",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mobile operator",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "enterprise licensing",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "telemetry server",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "recipe management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "edge",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "plant scada",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "work tasks",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "manufacturing execution system",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.7.002",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.1.101",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"cve": "CVE-2023-34982",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-34982",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-34982",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2023-34982",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. batch management , communication drivers , edge etc. multiple AVEVA The product contains a vulnerability related to externally controllable references to cross-domain resources.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34982"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "VULMON",
"id": "CVE-2023-34982"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34982",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-23-318-01",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU93965614",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019212",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-34982",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-34982"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"id": "VAR-202311-0501",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2024-01-18T22:52:34.014000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-610",
"trust": 1.0
},
{
"problemtype": "Externally controllable reference to another region resource (CWE-610) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"trust": 1.9,
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93965614/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-34982"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-34982"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34982"
},
{
"date": "2024-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"date": "2023-11-15T17:15:41.563000",
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34982"
},
{
"date": "2024-01-12T05:53:00",
"db": "JVNDB",
"id": "JVNDB-2023-019212"
},
{
"date": "2023-12-08T18:53:18.187000",
"db": "NVD",
"id": "CVE-2023-34982"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0AVEVA\u00a0 Vulnerability related to externally controllable references to other domain resources in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019212"
}
],
"trust": 0.8
}
}
VAR-202311-0502
Vulnerability from variot - Updated: 2024-01-18 22:52This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. batch management , communication drivers , edge etc. multiple AVEVA There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "batch management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "communication drivers",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "batch management",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "enterprise licensing",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "3.7.002"
},
{
"model": "manufacturing execution system",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "mobile operator",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "plant scada",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "mobile operator",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "edge",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "20.1.101"
},
{
"model": "work tasks",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "manufacturing execution system",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "work tasks",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "intouch",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "intouch",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "recipe management",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "system platform",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "plant scada",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "recipe management",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "communication drivers",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "historian",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "historian",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "system platform",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020"
},
{
"model": "telemetry server",
"scope": "eq",
"trust": 1.0,
"vendor": "aveva",
"version": "2020r2"
},
{
"model": "intouch",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mobile operator",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "enterprise licensing",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "telemetry server",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "recipe management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "edge",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "plant scada",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "work tasks",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "manufacturing execution system",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.7.002",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20.1.101",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"cve": "CVE-2023-33873",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-33873",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-33873",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2023-33873",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. batch management , communication drivers , edge etc. multiple AVEVA There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33873"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "VULMON",
"id": "CVE-2023-33873"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33873",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-23-318-01",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU93965614",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019213",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-33873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-33873"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"id": "VAR-202311-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2024-01-18T22:52:33.993000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"trust": 1.9,
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93965614/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-33873"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-33873"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33873"
},
{
"date": "2024-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"date": "2023-11-15T17:15:41.313000",
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33873"
},
{
"date": "2024-01-12T05:53:00",
"db": "JVNDB",
"id": "JVNDB-2023-019213"
},
{
"date": "2023-12-08T17:27:53.197000",
"db": "NVD",
"id": "CVE-2023-33873"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0AVEVA\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019213"
}
],
"trust": 0.8
}
}
VAR-202109-0588
Vulnerability from variot - Updated: 2023-12-18 11:57Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32959",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32959",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 2.4,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2021-32959",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32959",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1666",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-32959",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32959"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32959"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32959",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1666",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32959",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32959"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"id": "VAR-202109-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2023-12-18T11:57:13.171000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"title": "Aveva SuiteLink Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164629"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32959"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32959"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32959"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32959"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-09-23T14:15:07.453000",
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32959"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-01T17:44:17.643000",
"db": "NVD",
"id": "CVE-2021-32959"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1666"
}
],
"trust": 0.6
}
}
VAR-202109-0589
Vulnerability from variot - Updated: 2023-12-18 11:57Null pointer dereference in SuiteLink server while processing commands 0x03/0x10. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32963",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32963",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32963",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32963",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1667",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32963",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null pointer dereference in SuiteLink server while processing commands 0x03/0x10. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32963"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32963",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1667",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32963",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"id": "VAR-202109-0589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2023-12-18T11:57:13.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"title": "Aveva SuiteLink Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164119"
},
{
"title": "CVE-2021-32963",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32963 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32963"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-09-23T14:15:07.577000",
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32963"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-01T18:58:05.580000",
"db": "NVD",
"id": "CVE-2021-32963"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1667"
}
],
"trust": 0.6
}
}
VAR-202109-0593
Vulnerability from variot - Updated: 2023-12-18 11:57Improper handling of exceptional conditions in SuiteLink server while processing command 0x01. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32999"
}
]
},
"cve": "CVE-2021-32999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32999",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1636",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32999",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper handling of exceptional conditions in SuiteLink server while processing command 0x01. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32999"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32999",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1636",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"id": "VAR-202109-0593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2023-12-18T11:57:13.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"title": "SuiteLink server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164624"
},
{
"title": "CVE-2021-32999",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32999 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-09-23T14:15:07.833000",
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"date": "2021-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32999"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-01T18:45:55.257000",
"db": "NVD",
"id": "CVE-2021-32999"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1636"
}
],
"trust": 0.6
}
}
VAR-202109-0592
Vulnerability from variot - Updated: 2023-12-18 11:57Null pointer dereference in SuiteLink server while processing command 0x0b. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0592",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32987",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1668",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32987",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null pointer dereference in SuiteLink server while processing command 0x0b. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32987"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32987",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1668",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32987",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"id": "VAR-202109-0592",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2023-12-18T11:57:13.272000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"title": "Aveva SuiteLink Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=160237"
},
{
"title": "CVE-2021-32987",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32987 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-09-23T14:15:07.777000",
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32987"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-01T18:48:59.327000",
"db": "NVD",
"id": "CVE-2021-32987"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1668"
}
],
"trust": 0.6
}
}
VAR-202109-0591
Vulnerability from variot - Updated: 2023-12-18 11:57Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32979",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1665",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32979"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32979",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32979",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"id": "VAR-202109-0591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2023-12-18T11:57:13.219000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"title": "Aveva SuiteLink Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164628"
},
{
"title": "CVE-2021-32979",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32979 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32979"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-09-23T14:15:07.713000",
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-01T18:55:51.547000",
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
],
"trust": 0.6
}
}
VAR-202109-0590
Vulnerability from variot - Updated: 2023-12-18 11:57Null pointer dereference in SuiteLink server while processing command 0x07. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0590",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32971"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32971",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32971",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-32971",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32971",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1664",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32971",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32971"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null pointer dereference in SuiteLink server while processing command 0x07. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32971"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32971",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1664",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32971",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32971"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"id": "VAR-202109-0590",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22996794999999998
},
"last_update_date": "2023-12-18T11:57:13.197000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"title": "Aveva SuiteLink Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164627"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32971"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32971"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32971"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-09-23T14:15:07.647000",
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32971"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-01T19:02:19.227000",
"db": "NVD",
"id": "CVE-2021-32971"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1664"
}
],
"trust": 0.6
}
}