CVE-2021-32942
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
La vulnerabilidad podría exponer credenciales en texto sin cifrar de AVEVA InTouch Runtime 2020 R2 y todas las versiones anteriores (WindowViewer) si un usuario autorizado privilegiado crea un volcado de memoria de diagnóstico del proceso y lo guarda en una ubicación no protegida
*Credits:
Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-13 CVE Reserved
- 2021-06-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
- CWE-316: Cleartext Storage of Sensitive Information in Memory
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03 | 2022-10-25 | |
| https://www.aveva.com/en/support/cyber-security-updates | 2022-10-25 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Aveva Search vendor "Aveva" | Intouch 2017 Search vendor "Aveva" for product "Intouch 2017" | - | update3 |
Affected
| ||||||
| Aveva Search vendor "Aveva" | Intouch 2020 Search vendor "Aveva" for product "Intouch 2020" | - | - |
Affected
| ||||||
| Aveva Search vendor "Aveva" | Intouch 2020 Search vendor "Aveva" for product "Intouch 2020" | r2 Search vendor "Aveva" for product "Intouch 2020" and version "r2" | - |
Affected
| ||||||