Vulnerability-Lookup

GHSA-HP9F-Q9F5-CGHF

Vulnerability from github – Published: 2022-04-03 00:01 – Updated: 2022-04-12 00:01

Details

A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-32957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-01T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.",
  "id": "GHSA-hp9f-q9f5-cghf",
  "modified": "2022-04-12T00:01:10Z",
  "published": "2022-04-03T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32957"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-32957 (GCVE-0-2021-32957)

Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2025-04-16 16:34

Title

MDT AutoSave Uncontrolled Search Path Element

Summary

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-89 - SQL Injection

Assigner

icscert

References

1 reference

URL	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_CONFIRM

Impacted products

4 products

Vendor	Product	Version
MDT Software	MDT AutoSave	Affected: unspecified , < 6.02.06 (custom)
MDT Software	MDT AutoSave	Affected: 7.00 , < 7.04 (custom)
MDT Software	AutoSave for System Platform (A4SP)	Affected: unspecified , < 4.01 (custom)
MDT Software	A4SP	Affected: 5.00

Credits

Amir Preminger of Claroty Research reported these vulnerabilities to MDT Software.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:58:26.135784Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:34:14.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MDT AutoSave",
          "vendor": "MDT Software",
          "versions": [
            {
              "lessThan": "6.02.06",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MDT AutoSave",
          "vendor": "MDT Software",
          "versions": [
            {
              "lessThan": "7.04",
              "status": "affected",
              "version": "7.00",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "AutoSave for System Platform (A4SP)",
          "vendor": "MDT Software",
          "versions": [
            {
              "lessThan": "4.01",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "A4SP",
          "vendor": "MDT Software",
          "versions": [
            {
              "status": "affected",
              "version": "5.00"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Amir Preminger of Claroty Research reported these vulnerabilities to MDT Software."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-01T22:17:08.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Updated versions of MDT AutoSave and AutoSave for System Platform (A4SP) were developed to address these vulnerabilities as follows:\nMDT AutoSave 6.x version: Version 6.02.06 (Released January 2021)\nMDT AutoSave 7.x version: Version 7.05 (Released December 2020)\nA4SP 4.x version: Version 4.01 (Released June 2021)\nA4SP 5.x version: Version 5.01 (Released May 2021)\n\nFor more information about these vulnerabilities, and to obtain and install the new versions, please contact MDT Software customer support."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MDT AutoSave Uncontrolled Search Path Element",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32957",
          "STATE": "PUBLIC",
          "TITLE": "MDT AutoSave Uncontrolled Search Path Element"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MDT AutoSave",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.02.06"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MDT AutoSave",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.00",
                            "version_value": "7.04"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AutoSave for System Platform (A4SP)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.01"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "A4SP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "MDT Software"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Amir Preminger of Claroty Research reported these vulnerabilities to MDT Software."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89: SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Updated versions of MDT AutoSave and AutoSave for System Platform (A4SP) were developed to address these vulnerabilities as follows:\nMDT AutoSave 6.x version: Version 6.02.06 (Released January 2021)\nMDT AutoSave 7.x version: Version 7.05 (Released December 2020)\nA4SP 4.x version: Version 4.01 (Released June 2021)\nA4SP 5.x version: Version 5.01 (Released May 2021)\n\nFor more information about these vulnerabilities, and to obtain and install the new versions, please contact MDT Software customer support."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32957",
    "datePublished": "2022-04-01T22:17:08.000Z",
    "dateReserved": "2021-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:34:14.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-HP9F-Q9F5-CGHF

CVE-2021-32957 (GCVE-0-2021-32957)

Tags

Sightings

Nomenclature