FKIE_CVE-2021-32986
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly."
},
{
"lang": "es",
"value": "Despu\u00e9s de los m\u00f3dulos de CPU del PLC CLICK de Automation Direct: C0-1x con versiones de firmware anteriores a v3.00, son desbloqueados por un usuario autorizado, el estado de desbloqueo no es agotado. Si el software de programaci\u00f3n es interrumpido, el PLC permanece desbloqueado. Todas las conexiones de programaci\u00f3n posteriores son permitidas sin autorizaci\u00f3n. El PLC s\u00f3lo es vuelto a bloquear por un ciclo de energ\u00eda, o cuando el software de programaci\u00f3n es desconectado correctamente"
}
],
"id": "CVE-2021-32986",
"lastModified": "2024-11-21T06:08:04.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:09.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…