Lucene search

INCIBECVELIST:CVE-2021-33842

HistoryJun 08, 2021 - 12:00 a.m.

CVE-2021-33842 Circutor SGE-PLC1000 improper authentication

2021-06-0800:00:00

CWE-565

INCIBE

www.cve.org

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SGE-PLC1000",
    "vendor": "Circutor",
    "versions": [
      {
        "status": "affected",
        "version": "0.9.2b"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVELIST:CVE-2021-33842