cnvd - cnvd-2021-61768

CNVD-2021-61768

Vulnerability from cnvd - Published: 2021-08-13

Title

Circutor SGE-PLC1000授权问题漏洞

Description

Circutor SGE-PLC1000是一个智能计量系统的设备。主要功能是通过CIRWATT电表或其他采用PRIME技术的电表管理市电。 Circutor SGE-PLC1000固件版本0.9.2b中存在授权问题漏洞，攻击者可利用该漏洞通过认证并进行操作。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://circutor.com/en

Reference

https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication

Impacted products

Name
circutor Circutor SGE-PLC1000 0.9.2b

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-33842",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-33842"
    }
  },
  "description": "Circutor SGE-PLC1000\u662f\u4e00\u4e2a\u667a\u80fd\u8ba1\u91cf\u7cfb\u7edf\u7684\u8bbe\u5907\u3002\u4e3b\u8981\u529f\u80fd\u662f\u901a\u8fc7CIRWATT\u7535\u8868\u6216\u5176\u4ed6\u91c7\u7528PRIME\u6280\u672f\u7684\u7535\u8868\u7ba1\u7406\u5e02\u7535\u3002\n\nCircutor SGE-PLC1000\u56fa\u4ef6\u7248\u672c0.9.2b\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8ba4\u8bc1\u5e76\u8fdb\u884c\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://circutor.com/en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-61768",
  "openTime": "2021-08-13",
  "products": {
    "product": "circutor Circutor SGE-PLC1000 0.9.2b"
  },
  "referenceLink": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication",
  "serverity": "\u9ad8",
  "submitTime": "2021-06-11",
  "title": "Circutor SGE-PLC1000\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2021-33842 (GCVE-0-2021-33842)

Vulnerability from cvelistv5 – Published: 2021-06-09 11:39 – Updated: 2024-09-16 20:01

Summary

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-565 - Reliance on Cookies without Validation and Integrity Checking

Assigner

INCIBE

References

URL

Tags

https://www.incibe.es/en/incibe-cert/notices/avis…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Circutor	SGE-PLC1000	Affected: 0.9.2b

Credits

Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:23.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SGE-PLC1000",
          "vendor": "Circutor",
          "versions": [
            {
              "status": "affected",
              "version": "0.9.2b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez."
        }
      ],
      "datePublic": "2021-06-07T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located."
            }
          ],
          "value": "Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T13:47:01.158Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
            }
          ],
          "value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
        }
      ],
      "source": {
        "advisory": "INCIBE-2021-0228",
        "discovery": "EXTERNAL"
      },
      "title": "Circutor SGE-PLC1000 improper authentication",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-coordination@incibe.es",
          "DATE_PUBLIC": "2021-06-08T08:00:00.000Z",
          "ID": "CVE-2021-33842",
          "STATE": "PUBLIC",
          "TITLE": "Circutor SGE-PLC1000 improper authentication"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SGE-PLC1000",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "0.9.2b",
                            "version_value": "0.9.2b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Circutor"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication",
              "refsource": "CONFIRM",
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
          }
        ],
        "source": {
          "advisory": "INCIBE-2021-0228",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2021-33842",
    "datePublished": "2021-06-09T11:39:52.302361Z",
    "dateReserved": "2021-06-04T00:00:00",
    "dateUpdated": "2024-09-16T20:01:18.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-61768

CVE-2021-33842 (GCVE-0-2021-33842)

Tags

Sightings

Nomenclature