CVE-2021-33842
Circutor SGE-PLC1000 improper authentication
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.
Una vulnerabilidad de Autenticación Inapropiada en el parámetro cookies de Circutor SGE-PLC1000 versión del firmware 0.9.2b, permite a un atacante llevar a cabo operaciones como un usuario autenticado. Para explotar esta vulnerabilidad, el atacante debe estar dentro de la red donde se encuentra el dispositivo afectado
*Credits:
Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-04 CVE Reserved
- 2021-06-09 CVE Published
- 2024-02-22 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-565: Reliance on Cookies without Validation and Integrity Checking
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Circutor Search vendor "Circutor" | Sge-plc1000 Firmware Search vendor "Circutor" for product "Sge-plc1000 Firmware" | 0.9.2b Search vendor "Circutor" for product "Sge-plc1000 Firmware" and version "0.9.2b" | - |
Affected
| in | Circutor Search vendor "Circutor" | Sge-plc1000 Search vendor "Circutor" for product "Sge-plc1000" | - | - |
Safe
|