Search criteria
21 vulnerabilities found for wireless_1410_gateway_firmware by emerson
FKIE_CVE-2021-42538
Vulnerability from fkie_nvd - Published: 2021-10-22 14:15 - Updated: 2024-11-21 06:27
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81295FA4-C0AE-4D54-986C-FB5D80AE394F",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC94CCCF-5560-427C-A297-F2A623E33E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410d_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A431B208-B3F6-4FDC-9476-7EA210CF451B",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410d_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FDB1A1-A7BD-49F6-8C4C-45A1932E8AC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48241B16-A938-49D2-9B05-8F6EE45A0F45",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a una inyecci\u00f3n de par\u00e1metros por medio de una frase de contrase\u00f1a, que permite al atacante suministrar entradas no controladas"
}
],
"id": "CVE-2021-42538",
"lastModified": "2024-11-21T06:27:45.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T14:15:08.810",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42542
Vulnerability from fkie_nvd - Published: 2021-10-22 14:15 - Updated: 2024-11-21 06:27
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81295FA4-C0AE-4D54-986C-FB5D80AE394F",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC94CCCF-5560-427C-A297-F2A623E33E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410d_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A431B208-B3F6-4FDC-9476-7EA210CF451B",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410d_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FDB1A1-A7BD-49F6-8C4C-45A1932E8AC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48241B16-A938-49D2-9B05-8F6EE45A0F45",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a un salto de directorio debido a un manejo inapropiado de la estructura de carpetas de copia de seguridad proporcionada"
}
],
"id": "CVE-2021-42542",
"lastModified": "2024-11-21T06:27:46.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T14:15:08.993",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42536
Vulnerability from fkie_nvd - Published: 2021-10-22 14:15 - Updated: 2024-11-21 06:27
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81295FA4-C0AE-4D54-986C-FB5D80AE394F",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC94CCCF-5560-427C-A297-F2A623E33E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410d_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A431B208-B3F6-4FDC-9476-7EA210CF451B",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410d_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FDB1A1-A7BD-49F6-8C4C-45A1932E8AC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48241B16-A938-49D2-9B05-8F6EE45A0F45",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a una divulgaci\u00f3n del nombre de usuario y la contrase\u00f1a de los compa\u00f1eros al permitir a todos los usuarios el acceso a una lectura de variables globales"
}
],
"id": "CVE-2021-42536",
"lastModified": "2024-11-21T06:27:45.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T14:15:08.750",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-38485
Vulnerability from fkie_nvd - Published: 2021-10-22 14:15 - Updated: 2024-11-21 06:17
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81295FA4-C0AE-4D54-986C-FB5D80AE394F",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC94CCCF-5560-427C-A297-F2A623E33E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410d_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A431B208-B3F6-4FDC-9476-7EA210CF451B",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410d_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FDB1A1-A7BD-49F6-8C4C-45A1932E8AC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48241B16-A938-49D2-9B05-8F6EE45A0F45",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable una comprobaci\u00f3n de entrada inapropiada en el archivo de restauraci\u00f3n. Esto permite a un atacante proporcionar archivos de configuraci\u00f3n maliciosos para reemplazar cualquier archivo en el disco"
}
],
"id": "CVE-2021-38485",
"lastModified": "2024-11-21T06:17:13.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T14:15:08.580",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42539
Vulnerability from fkie_nvd - Published: 2021-10-22 14:15 - Updated: 2024-11-21 06:27
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81295FA4-C0AE-4D54-986C-FB5D80AE394F",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC94CCCF-5560-427C-A297-F2A623E33E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410d_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A431B208-B3F6-4FDC-9476-7EA210CF451B",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410d_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FDB1A1-A7BD-49F6-8C4C-45A1932E8AC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48241B16-A938-49D2-9B05-8F6EE45A0F45",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a una falta de comprobaci\u00f3n de permisos en la restauraci\u00f3n de la copia de seguridad del sistema, lo que podr\u00eda conllevar a una toma de posesi\u00f3n de la cuenta y un cambio de configuraci\u00f3n no aprobado"
}
],
"id": "CVE-2021-42539",
"lastModified": "2024-11-21T06:27:45.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T14:15:08.870",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-42540
Vulnerability from fkie_nvd - Published: 2021-10-22 14:15 - Updated: 2024-11-21 06:27
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81295FA4-C0AE-4D54-986C-FB5D80AE394F",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC94CCCF-5560-427C-A297-F2A623E33E37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410d_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A431B208-B3F6-4FDC-9476-7EA210CF451B",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410d_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53FDB1A1-A7BD-49F6-8C4C-45A1932E8AC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48241B16-A938-49D2-9B05-8F6EE45A0F45",
"versionEndExcluding": "4.7.94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a una carpeta de extracci\u00f3n no saneada para la configuraci\u00f3n del sistema. Un usuario con pocos privilegios puede aprovechar esta l\u00f3gica para sobrescribir la configuraci\u00f3n y otras funcionalidades clave"
}
],
"id": "CVE-2021-42540",
"lastModified": "2024-11-21T06:27:46.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-22T14:15:08.933",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-123"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-12030
Vulnerability from fkie_nvd - Published: 2021-09-29 20:15 - Updated: 2024-11-21 04:59
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1410_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8889B23B-B3B7-4B0C-AEB8-4B4857BA8D30",
"versionEndIncluding": "4.7.84",
"versionStartIncluding": "4.6.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1410_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF1A7F9-86E8-4B21-9C98-2E3E0AE3BBBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1420_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25464141-5AE4-48CA-8719-E2B8A170D858",
"versionEndIncluding": "4.7.84",
"versionStartIncluding": "4.6.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1420_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB591C-621A-49A9-BEF0-5854B06490EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:wireless_1552wu_gateway_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3AAECD-1129-48A8-991B-911CCBA28CDA",
"versionEndIncluding": "4.7.84",
"versionStartIncluding": "4.6.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:wireless_1552wu_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7A8A69-4F11-4AF0-9F64-80E34DB4C46E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway\u0027s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."
},
{
"lang": "es",
"value": "Se presenta un fallo en el c\u00f3digo usado para configurar el firewall del gateway interno cuando la funci\u00f3n VLAN del gateway est\u00e1 activada. Si un usuario habilita la configuraci\u00f3n de la VLAN, el firewall del gateway interna se desactiva, resultando en una exposici\u00f3n de todos los puertos usados por el gateway"
}
],
"id": "CVE-2020-12030",
"lastModified": "2024-11-21T04:59:08.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-29T20:15:07.870",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-38485 (GCVE-0-2021-38485)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 20:58
VLAI?
Summary
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-38485",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38485",
"datePublished": "2021-10-22T13:23:38.936836Z",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-09-16T20:58:26.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42542 (GCVE-0-2021-42542)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 17:52
VLAI?
Summary
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:49.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:29",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42542",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42542",
"datePublished": "2021-10-22T13:23:29.883541Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-16T17:52:49.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42540 (GCVE-0-2021-42540)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 21:04
VLAI?
Summary
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
Severity ?
CWE
- CWE-123 - Write-what-where Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:22",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42540",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123 Write-what-where Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42540",
"datePublished": "2021-10-22T13:23:22.604576Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-16T21:04:12.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42536 (GCVE-0-2021-42536)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:41
VLAI?
Summary
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
Severity ?
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:15",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42536",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42536",
"datePublished": "2021-10-22T13:23:15.613414Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-17T00:41:22.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42539 (GCVE-0-2021-42539)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 18:03
VLAI?
Summary
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42539",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42539",
"datePublished": "2021-10-22T13:23:08.904247Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-16T18:03:13.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42538 (GCVE-0-2021-42538)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:11
VLAI?
Summary
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42538",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42538",
"datePublished": "2021-10-22T13:23:02.452388Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-17T00:11:59.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12030 (GCVE-0-2020-12030)
Vulnerability from cvelistv5 – Published: 2021-09-29 19:36 – Updated: 2024-08-04 11:48
VLAI?
Summary
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
Severity ?
10 (Critical)
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Emerson | Wireless 1410 Gateway |
Affected:
4.6.43 , ≤ 4.7.84
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Emerson discovered this vulnerability and reported it to CISA once there was a solution.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireless 1410 Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.84",
"status": "affected",
"version": "4.6.43",
"versionType": "custom"
}
]
},
{
"product": "Wireless 1420 Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.84",
"status": "affected",
"version": "4.6.43",
"versionType": "custom"
}
]
},
{
"product": "Wireless 1552WU Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.84",
"status": "affected",
"version": "4.6.43",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution."
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway\u0027s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": " IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T19:36:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12030",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireless 1410 Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.6.43",
"version_value": "4.7.84"
}
]
}
},
{
"product_name": "Wireless 1420 Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.6.43",
"version_value": "4.7.84"
}
]
}
},
{
"product_name": "Wireless 1552WU Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.6.43",
"version_value": "4.7.84"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway\u0027s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12030",
"datePublished": "2021-09-29T19:36:38",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38485 (GCVE-0-2021-38485)
Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 20:58
VLAI?
Summary
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-38485",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38485",
"datePublished": "2021-10-22T13:23:38.936836Z",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-09-16T20:58:26.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42542 (GCVE-0-2021-42542)
Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 17:52
VLAI?
Summary
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:49.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:29",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42542",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42542",
"datePublished": "2021-10-22T13:23:29.883541Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-16T17:52:49.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42540 (GCVE-0-2021-42540)
Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 21:04
VLAI?
Summary
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
Severity ?
CWE
- CWE-123 - Write-what-where Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:22",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42540",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123 Write-what-where Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42540",
"datePublished": "2021-10-22T13:23:22.604576Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-16T21:04:12.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42536 (GCVE-0-2021-42536)
Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:41
VLAI?
Summary
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
Severity ?
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:15",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42536",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42536",
"datePublished": "2021-10-22T13:23:15.613414Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-17T00:41:22.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42539 (GCVE-0-2021-42539)
Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 18:03
VLAI?
Summary
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42539",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42539",
"datePublished": "2021-10-22T13:23:08.904247Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-16T18:03:13.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42538 (GCVE-0-2021-42538)
Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:11
VLAI?
Summary
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | WirelessHART Gateway |
Affected:
1410 , ≤ 4.7.94
(custom)
Affected: 1410D , ≤ 4.7.94 (custom) Affected: 1420 , ≤ 4.7.94 (custom) |
Credits
Amir Preminger of Claroty reported these vulnerabilities to CISA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WirelessHART Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1410D",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.7.94",
"status": "affected",
"version": "1420",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"datePublic": "2021-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T13:23:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
"ID": "CVE-2021-42538",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WirelessHART Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1410",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1410D",
"version_value": "4.7.94"
},
{
"version_affected": "\u003c=",
"version_name": "1420",
"version_value": "4.7.94"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
}
],
"source": {
"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42538",
"datePublished": "2021-10-22T13:23:02.452388Z",
"dateReserved": "2021-10-15T00:00:00",
"dateUpdated": "2024-09-17T00:11:59.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12030 (GCVE-0-2020-12030)
Vulnerability from nvd – Published: 2021-09-29 19:36 – Updated: 2024-08-04 11:48
VLAI?
Summary
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
Severity ?
10 (Critical)
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Emerson | Wireless 1410 Gateway |
Affected:
4.6.43 , ≤ 4.7.84
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Emerson discovered this vulnerability and reported it to CISA once there was a solution.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireless 1410 Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.84",
"status": "affected",
"version": "4.6.43",
"versionType": "custom"
}
]
},
{
"product": "Wireless 1420 Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.84",
"status": "affected",
"version": "4.6.43",
"versionType": "custom"
}
]
},
{
"product": "Wireless 1552WU Gateway",
"vendor": "Emerson",
"versions": [
{
"lessThanOrEqual": "4.7.84",
"status": "affected",
"version": "4.6.43",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution."
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway\u0027s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": " IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T19:36:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Emerson WirelessHART Gateway",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12030",
"STATE": "PUBLIC",
"TITLE": "Emerson WirelessHART Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireless 1410 Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.6.43",
"version_value": "4.7.84"
}
]
}
},
{
"product_name": "Wireless 1420 Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.6.43",
"version_value": "4.7.84"
}
]
}
},
{
"product_name": "Wireless 1552WU Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.6.43",
"version_value": "4.7.84"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway\u0027s VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12030",
"datePublished": "2021-09-29T19:36:38",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}