Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-37401
HistoryDec 28, 2021 - 1:15 p.m.

CVE-2021-37401

2021-12-2813:15:08
CWE-522
[email protected]
web.nvd.nist.gov
24
cve-2021-37401
attacker
user credentials
file servers
backup repositories
zld files
sd cards
plc
user program

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.

Affected configurations

NVD
Node
idecdata_file_managerRange2.12.1
OR
idecwindeditRange1.3.1
OR
idecwindldrRange8.19.1
Node
idecmicrosmart_plus_fc6bMatch-
AND
idecmicrosmart_plus_fc6b_firmwareRange2.31
Node
idecmicrosmart_plus_fc6aMatch-
AND
idecmicrosmart_plus_fc6a_firmwareRange1.91
Node
idecmicrosmart_fc6bMatch-
AND
idecmicrosmart_fc6b_firmwareRange2.31
Node
idecmicrosmart_fc6aMatch-
AND
idecmicrosmart_fc6a_firmwareRange2.32
Node
idecft1a_smartaxix_proMatch-
AND
idecft1a_smartaxix_pro_firmwareRange2.31
Node
idecft1a_smartaxix_liteMatch-
AND
idecft1a_smartaxix_lite_firmwareRange2.31

Related

prion 1
nvd 1
cnvd 1
cvelist 1
ics 1
prion
prion
Design/Logic Flaw
2021-12-28 13:15:00
nvd
nvd
CVE-2021-37401
2021-12-28 13:15:08
cnvd
cnvd
IDEC PLC has an unspecified vulnerability (CNVD-2022-02761)
2022-01-07 00:00:00
cvelist
cvelist
CVE-2021-37401
2021-12-28 12:09:52
ics
ics
IDEC PLCs
2022-01-06 12:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON
Related for CVE-2021-37401
prion1nvd1cnvd1cvelist1ics1