ICS Vulnerabilities: CCI Thermometer 2021-7 - Centro de ...

Page created by Pablo Ortiz
 
ICS Vulnerabilities
CCI Thermometer 2021-7
Table of contents

Introduction
    What's new in 2021
Vendors and ICS weaknesses
    New vendors
    New weaknesses
    New alerts
Risk map
    Changes in vendor risk
Annex I: Risk map calculation
Annex II: Vulnerabilities published by NIST since the last CCI thermometer
About the author: industrial cybersecurity professional for more than ten years at companies including Schneider Electric, S21sec, EY, SecurityMatters, Forescout, Telefónica and, currently, TITANIUM Industrial Security. Active member of the Centro de Ciberseguridad Industrial (CCI) ecosystem since 2013, Black Level professional, and author and reviewer of several of the Centre's studies and documents.
Introduction
Since the publication of the notebook "Una década de vulnerabilidades ICS" on 4 May 2020, new vulnerabilities affecting ICS have continued to be published, changing the risk exposure of the vendors covered in that notebook.

The CCI wants to keep this information current and give the ecosystem a view of how these vulnerabilities evolve, to be used however each reader sees fit, in a publication we will call the CCI ICS Vulnerability Thermometer.

Each update will include:

    •   The change in the number of control-system vendors included in the thermometer for the current period
    •   The change in vulnerabilities and alerts for the control-system vendors included in the thermometer
    •   The vendors' risk-exposure heat map, updated as of the publication date
    •   Comments on how the risk map has evolved

What's new in 2021
To cope with the growing number of public vulnerabilities that affect several vendors at once, from 2021 a new criterion applies: every vendor affected by a given vulnerability (CVE) is listed separately. To be consistent with this approach, in 2021 we speak of "ICS weaknesses" (ICS Weaknesses) so that these multi-vendor vulnerabilities have a place in the count.

Vendors and ICS weaknesses

New vendors
This edition of the CCI thermometer adds 2 new vendors, bringing the total to 44.

    Low risk:        eWON
    Medium risk:     Phoenix Contact
    High risk:       N/A
    Very high risk:  N/A

For Phoenix Contact, 7 new weaknesses have been published across several products. As we noted last year, some of them are a clear example of vulnerabilities amplified by, and originating in, third-party components. For example, CVE-2021-21005 is related to URGENT/11, the IPnet TCP/IP stack flaws disclosed by Armis in 2019.
Of these 7 Phoenix Contact weaknesses, 6 are remotely exploitable (network access vector) and 2 are classed as alerts in this thermometer.

eWON has had another vulnerability published (CVE-2021-33214) on its eCatcher product, although exploiting it requires a user account on the potentially affected system.

New weaknesses
NIST has published and fully characterized 109 ICS vulnerabilities since the last update.

A single vendor, Siemens, accounts for almost half of that figure, with 50 CVEs published in July, and continues to top the qualitative risk map. Notably, more vulnerabilities have already been published on its products this year (153) than in the whole of 2020 (95).

Schneider Electric adds another 15 weaknesses published in July and reaches 66 vulnerabilities in 2021.

Mikrotik, with 12 vulnerabilities published this month, moves into the medium-risk zone and already has 29 weaknesses published on its RouterOS product in 2021.

Phoenix Contact had 7 weaknesses published in July 2021, 2 of which are alerts and are described in the next section.

Finally, Advantech's R-SeeNet product adds 5 weaknesses published in July 2021, which affects the company's risk exposure as a vendor.

Past the midpoint of 2021, it is clear that the trend in weakness research on the control systems used across many sectors keeps growing steadily.

New alerts
Since the last thermometer, NIST has published 5 new vendor alerts: 2 for Phoenix Contact and 3 for Schneider Electric. Recall that a weakness is classed as an alert when exploitation has low complexity, the access vector is the network, and the result can be a complete loss of availability (CVSS v2 AV:N, AC:L, A:C; v2 is used so that weaknesses in older products can be classified consistently over time).

Phoenix Contact has had 2 alerts published, on 2 of its product series: the FL SWITCH SMCS series and the Classic Line Controllers.

In both cases, sending malicious IP packets can leave the device isolated from the network, and reconnecting it to the control network requires restarting the device.

CVE-2021-33541   published 2021-06-25   CVSS v2 7.8   alert
    Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

CVE-2021-21005   published 2021-06-25   CVSS v2 7.8   alert
    In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.
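The segment described for CVE-2021-21005 (URG flag set, urgent pointer 0) is easy to pick out of a capture on the control network, which is what a defender who cannot patch a switch immediately will want to do. The following Python script is an added example, not code from the CCI report or from Phoenix Contact: it parses IPv4/TCP headers directly from raw bytes and reports the segments that match that pattern. The frames it scans are constructed inline with struct for illustration (checksums left at zero); in practice you would feed it frames read from a pcap or a span port. Nothing in it sends packets.

```python
"""Spot TCP segments with the URG flag set and urgent pointer 0 in raw IPv4 frames.

Added example, not code from the CCI report or from Phoenix Contact. The
sample frames below are constructed with struct, not captured from a device.
"""
import struct
from typing import Any, Dict, List, Optional

TCP_URG = 0x20
TCP_ACK = 0x10
TCP_PSH = 0x08
IPPROTO_TCP = 6


def parse_ipv4_tcp(frame: bytes) -> Optional[Dict[str, Any]]:
    """Return the TCP header fields of an IPv4 packet, or None if it is not TCP or is truncated."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return None
    ihl = (frame[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ihl < 20 or frame[9] != IPPROTO_TCP or len(frame) < ihl + 20:
        return None
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    sport, dport, _seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", frame[ihl:ihl + 20]
    )
    return {
        "src": src, "dst": dst, "sport": sport, "dport": dport,
        "flags": off_flags & 0x01FF,                 # low 9 bits carry the TCP flags
        "urg_ptr": urg_ptr,
    }


def is_urg_zero(tcp: Dict[str, Any]) -> bool:
    """The CVE-2021-21005 pattern: URG set while the urgent pointer is 0."""
    return bool(tcp["flags"] & TCP_URG) and tcp["urg_ptr"] == 0


def scan(frames: List[bytes]) -> List[Dict[str, Any]]:
    """Return the parsed headers of every frame that matches the pattern."""
    hits = []
    for frame in frames:
        tcp = parse_ipv4_tcp(frame)
        if tcp is not None and is_urg_zero(tcp):
            hits.append(tcp)
    return hits


def build_frame(src: str, dst: str, sport: int, dport: int, flags: int, urg_ptr: int) -> bytes:
    """Constructed sample IPv4+TCP header (total length 40, checksums 0; test data only)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
        bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")),
    )
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, urg_ptr)
    return ip_hdr + tcp_hdr


# Constructed sample traffic towards a switch management port (hypothetical addresses).
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.20", 40000, 80, TCP_PSH | TCP_ACK, 0),            # ordinary segment
    build_frame("10.0.0.5", "10.0.0.20", 40001, 80, TCP_URG | TCP_PSH | TCP_ACK, 0),  # URG with pointer 0
    build_frame("10.0.0.5", "10.0.0.20", 40002, 80, TCP_URG | TCP_ACK, 5),            # URG with a valid pointer
    b"\x45\x00\x00\x1c" + b"\x00" * 5 + b"\x11" + b"\x00" * 18,                        # UDP, ignored
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FRAMES):
        print(f"URG/ptr=0 segment {hit['src']}:{hit['sport']} -> {hit['dst']}:{hit['dport']}")
```

Only the second sample frame is reported: a URG segment with a non-zero pointer is legitimate TCP and should not raise an alarm, and non-TCP or truncated frames are skipped rather than mis-parsed.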

For Schneider Electric, NIST has published 3 new alerts this month on its EVlink City product (EVlink City EVC1S22P4):

CVE-2021-22730   published 2021-07-21   CVSS v2 10.0   alert
    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server.

CVE-2021-22707   published 2021-07-21   CVSS v2 10.0   alert
    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.

CVE-2021-22729   published 2021-07-21   CVSS v2 10.0   alert
    A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server.

A classic: hard-coded vendor credentials.

Risk map
31 July 2021

[Figure: qualitative risk-exposure heat map of the 44 vendors as of 31 July 2021. Vendors shown, in the order they appear in the figure: Circutor, Advantech, Emerson, GE, Hilscher, Mitsubishi Electric, Moxa, Panasonic, Phoenix Contact, Digitek, Motorola Solutions, Pro-face, Zebra Industrial, Siemens, Schneider Electric, Belden, CODESYS, Delta Electronics, Digi, Eaton, eWON, Fatek, Fuji Electric, Hirschmann, Honeywell, Johnson Controls, Kepware, Omron, PTC (ThingWorx), Rockwell, Software Toolbox, Wibu Systems, Wind River, Mikrotik, ABB, Beckhoff, Philips, ProSoft, RuggedCom, SafeNet, SearchBlox, Tesla, Wago, Aveva. Zone changes are discussed in the next section.]
Changes in vendor risk
The high number of weaknesses published by NIST in July on Siemens products moves its risk exposure from High to Very High.

Schneider Electric sits in the High risk zone after the publication of 3 alerts this July, and consolidates an average CVSS v2 score of 5.7 over the last 10 years.

Emerson and GE move into the Medium+ zone together with other vendors (Panasonic and Mitsubishi Electric) whose Medium-zone risk score rises because of the high number of vulnerabilities published this month.

The remaining vendors keep their level on the qualitative risk-exposure heat map.

Annex I: Risk map calculation
To show each vendor's posture with respect to the risk associated with its published vulnerabilities in a quick, graphical way, I have chosen a format that is very common in risk management: the heat map.
The diagram uses different colours to represent the associated risk qualitatively, in four ranges: Low, Medium, High and Very High.

[Figure: heat map with four diagonal colour bands running from the bottom-left corner to the top-right: LOW, MEDIUM, HIGH, VERY HIGH.]

Each vendor's position on the map depends on the values of two parameters: likelihood (number of CVEs published) and the impact of those CVEs (mean CVSS score).
For each year, each of these values is computed on a scale from 1 to 5:
     • On the horizontal axis, a value proportional to the number of CVEs published for that vendor in the given year, relative to the vendor with the highest number of CVEs.
     • On the vertical axis, the mean CVSS score of the CVEs published that year, divided by 2.
To give a more qualitative picture of each vendor's posture, two corrections are applied to the calculation:
     • If the vendor has at least one CVE that year classed as an alert (network access, low complexity and complete availability impact), the impact (vertical axis) and the likelihood (horizontal axis) are each increased by one unit. This separates the vendor from those without such CVEs and places it in a higher-risk zone.
     • Likewise, if a vendor has at least one CVE that year with a CVSS score of 10.0, the likelihood (horizontal axis) is increased by one unit, again to separate the vendor from those without such CVEs and place it in a higher-risk zone.

Simulations have shown that these corrections do not significantly alter a vendor's overall risk posture, yet they give a more accurate qualitative diagnosis.

Annex II: Vulnerabilities published by NIST since the last CCI thermometer
Columns of the original table: CVE, date published, CVSS v2 base score, description. The three entries already classed as alerts in the "New alerts" section are marked.

CVE-2021-22706   2021-07-21   CVSS v2 4.3
    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.

CVE-2021-22772   2021-07-21   CVSS v2 7.5
    A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed.

CVE-2021-22727   2021-07-21   CVSS v2 7.5
    A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized access to the charging station web server.

CVE-2021-22708   2021-07-21   CVSS v2 6.5
    A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.

CVE-2021-22771   2021-07-21   CVSS v2 6.0
    A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution.

CVE-2021-22726   2021-07-21   CVSS v2 5.5
    A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to perform unintended actions or access data when crafted malicious parameters are submitted to the charging station web server.

CVE-2021-22774   2021-07-21   CVSS v2 5.0
    A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attack techniques.

CVE-2021-22721   2021-07-21   CVSS v2 5.0
    A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server.

CVE-2021-22723   2021-07-21   CVSS v2 4.3
    A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.

CVE-2021-22730   2021-07-21   CVSS v2 10.0   alert
    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server.

CVE-2021-22707   2021-07-21   CVSS v2 10.0   alert
    A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.

CVE-2021-22729   2021-07-21   CVSS v2 10.0   alert
    A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server.

CVE-2021-22770   2021-07-21   CVSS v2 4.0
    A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.

CVE-2021-22722   2021-07-21   CVSS v2 3.5
    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could cause code injection when importing a CSV file or changing station parameters.

CVE-2020-20248   2021-07-19   CVSS v2 4.0
    Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.

CVE-2020-20230   2021-07-19   CVSS v2 4.0
    Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.

CVE-2021-21801   2021-07-16   CVSS v2 4.3
    This vulnerability is present in the device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.

CVE-2021-21799   2021-07-16   CVSS v2 4.3
    Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a crafted URL to trigger this vulnerability.

CVE-2021-21800   2021-07-16   CVSS v2 4.3
    Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a crafted URL to trigger this vulnerability.

CVE-2021-22779   2021-07-14   CVSS v2 6.4
    Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

CVE-2021-35527   2021-07-14   CVSS v2 5.0
    Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows an attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.

CVE-2020-20231   2021-07-14   CVSS v2 4.0
    Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

CVE-2021-22780   2021-07-14   CVSS v2 3.6
    Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file.

CVE-2021-22778   2021-07-14   CVSS v2 3.6
    Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.

CVE-2021-22782   2021-07-14   CVSS v2 2.1
    Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.

CVE-2021-22781   2021-07-14   CVSS v2 2.1
    Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of the SMTP credential used for mailbox authentication when an attacker can access a project file.

CVE-2021-34313   2021-07-13   CVSS v2 6.8
    A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)

CVE-2021-34312   2021-07-13   CVSS v2 6.8
    A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353)

CVE-2021-34310   2021-07-13   CVSS v2 6.8
    A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351)

CVE-2021-34309   2021-07-13   CVSS v2 6.8
    A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350)

CVE-2021-34300   2021-07-13   CVSS v2 6.8
    A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing TIFF files. This could result in an out of bounds write past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13194)
CVE-2021-34292   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-12959)
CVE-2021-34311   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing J2K files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13352)
CVE-2021-34331   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
                                               supplied data when parsing JT files. This could result in an out of bounds write past the end of an
                                               allocated structure. An attacker could leverage this vulnerability to execute code in the context
                                               of the current process. (ZDI-CAN-13442)
CVE-2021-34323   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
                                               supplied data when parsing JT files. This could result in an out of bounds write past the end of an
                                               allocated structure. An attacker could leverage this vulnerability to execute code in the context
                                               of the current process. (ZDI-CAN-13419)
CVE-2021-34330   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
                                               supplied data prior to performing further free operations on an object when parsing JT files. An
                                               attacker could leverage this vulnerability to execute code in the context of the current process.
                                               (ZDI-CAN-13430)
CVE-2021-34324   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
                                               supplied data prior to performing further free operations on an object when parsing JT files. An
                                               attacker could leverage this vulnerability to execute code in the context of the current process.
                                               (ZDI-CAN-13420)
CVE-2021-34305   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing GIF files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13340)
CVE-2021-34295   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing GIF files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13024)
CVE-2021-34293   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing GIF files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13020)

CVE-2021-34291   2021-07-13    6.8             A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing GIF files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-12956)
CVE-2021-34294   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing GIF files. This could result in an out of bounds read past the end
                                               of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13023)
CVE-2021-34316   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation
                                               of user-supplied data when parsing PDF files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13380)
CVE-2021-34319   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing SGI files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13404)
CVE-2021-34314   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing SGI files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13355)
CVE-2021-34315   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing SGI files. This could result in an out of bounds read past the end
                                               of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13356)
CVE-2021-34317   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing PCX files. This could result in an out of bounds write past the
                                               fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in
                                               the context of the current process. (ZDI-CAN-13402)
CVE-2021-34318   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing PCT files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13403)
CVE-2021-34297   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. This could result in an out of bounds write past the
                                               end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13059)
CVE-2021-34296   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
                                               context of the current process. (ZDI-CAN-13057)
CVE-2021-34306   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. This could result in a memory corruption condition.
                                               An attacker could leverage this vulnerability to execute code in the context of the current
                                               process. (ZDI-CAN-13342)
CVE-2021-34301   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data prior to performing further free operations on an object when parsing BMP
                                               files. An attacker could leverage this vulnerability to execute code in the context of the current
                                               process. (ZDI-CAN-13196)
CVE-2021-34298   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data prior to performing further free operations on an object when parsing BMP
                                               files. An attacker could leverage this vulnerability to execute code in the context of the current
                                               process. (ZDI-CAN-13060)

CVE-2021-34329   2021-07-13    6.8             A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
                                               Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
                                               plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
                                               data when parsing PAR files. This could result in an out of bounds write past the fixed-length
                                               heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
                                               of the current process. (ZDI-CAN-13427)
CVE-2021-34328   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
                                               Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
                                               plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
                                               data when parsing PAR files. This could result in an out of bounds write past the fixed-length
                                               heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
                                               of the current process. (ZDI-CAN-13424)
CVE-2021-34326   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
                                               Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
                                               plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
                                               data when parsing PAR files. This could result in an out of bounds write past the fixed-length
                                               heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
                                               of the current process. (ZDI-CAN-13422)
CVE-2021-34327   2021-07-13   6.8              A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
                                               Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
                                               plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
                                               data when parsing ASM files. This could result in an out of bounds write past the fixed-length
                                               heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
                                               of the current process. (ZDI-CAN-13423)
CVE-2021-33711   2021-07-13   5.0              A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9),
                                               Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1
                                               (All versions < V5.1.4). The affected application allows verbose error messages which allow
                                               leaking of sensitive information, such as full paths.
CVE-2021-33710   2021-07-13   4.3              A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9),
                                               Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1
                                               (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web
                                               interface of the affected devices that could allow an attacker to execute malicious JavaScript
                                               code by tricking users into accessing a malicious link.
CVE-2021-34321   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-
                                               supplied data when parsing J2K files. This could result in an out of bounds read past the end of
                                               an allocated buffer. An attacker could leverage this vulnerability to leak information in the
                                               context of the current process. (ZDI-CAN-13414)
CVE-2021-34299   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13192)
CVE-2021-34307   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13343)
CVE-2021-34304   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13199)
CVE-2021-34303   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13198)
CVE-2021-34325   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
                                               supplied data when parsing JT files. This could result in an out of bounds read past the end of an
                                               allocated buffer. An attacker could leverage this vulnerability to leak information in the context
                                               of the current process. (ZDI-CAN-13421)

CVE-2021-34320   2021-07-13    4.3             A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
                                               supplied data when parsing JT files. This could result in an out of bounds read past the end of an
                                               allocated buffer. An attacker could leverage this vulnerability to leak information in the context
                                               of the current process. (ZDI-CAN-13406)
CVE-2021-34322   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation
                                               of user-supplied data when parsing J2K files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13416)
CVE-2021-34308   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13344)
CVE-2021-34302   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. This could result in an out of bounds read past the
                                               end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
                                               the context of the current process. (ZDI-CAN-13197)
CVE-2021-34333   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. A malformed input file could result in double free of
                                               an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause
                                               denial of service condition. (CNVD-C-2021-79295)
CVE-2021-34332   2021-07-13   4.3              A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
                                               versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
                                               user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop
                                               condition that leads to denial of service condition. An attacker could leverage this vulnerability
                                               to consume excessive resources. (CNVD-C-2021-79300)
CVE-2020-20252   2021-07-13   4.0              MikroTik RouterOS before stable version 6.47 suffers from a memory corruption vulnerability in
                                               the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service
                                               (NULL pointer dereference).
CVE-2020-20250   2021-07-13   4.0              MikroTik RouterOS before stable version 6.47 suffers from a memory corruption vulnerability in
                                               the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service
                                               (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254.
                                               All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250
                                               github.com/cq674350529 reference.
CVE-2021-33709   2021-07-13   4.0              A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9),
                                               Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1
                                               (All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an
                                               application token due to an error not properly handled by the system.
CVE-2021-33718   2021-07-13   3.5              A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions <
                                               V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications
                                               using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be
                                               bypassed if the user has write permission on the first attribute of that object.
CVE-2021-33715   2021-07-13   2.1              A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially
                                               crafted JT files, a race condition could cause an object to be released before being operated on,
                                               leading to a NULL pointer dereference condition and causing the application to crash. An attacker
                                               could leverage this vulnerability to cause a Denial-of-Service condition in the application.
CVE-2021-33714   2021-07-13   2.1              A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially
                                               crafted JT files, a missing check for the validity of an iterator leads to a NULL pointer dereference
                                               condition, causing the application to crash. An attacker could leverage this vulnerability to cause
                                               a Denial-of-Service condition in the application.
CVE-2021-33713   2021-07-13   2.1              A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially
                                               crafted JT files, a hash function is called with an incorrect argument leading the application to
                                               crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the
                                               application.
CVE-2021-33214   2021-07-09   6.0              In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users
                                               to access files that could lead to sensitive information disclosure, modification of configuration
                                               files, or disruption of normal system operation.
CVE-2021-33012   2021-07-09   5.0              Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker
                                               sending specially crafted commands to cause the PLC to fault when the controller is switched to
                                               RUN mode, which results in a denial-of-service condition. If successfully exploited, this
                                               vulnerability will cause the controller to fault whenever the controller is switched to RUN mode.
CVE-2021-32972   2021-07-09    4.3             Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file
                                               specifying a URI that causes the XML parser to access the URI and embed the contents, which
                                               may allow the attacker to disclose information that is accessible in the context of the user
                                               executing the software.
CVE-2020-20217   2021-07-08   4.0              Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption
                                               vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a
                                               Denial of Service by overloading the system's CPU.
CVE-2020-20216   2021-07-07   4.0              Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the
                                               /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service
                                               (NULL pointer dereference).
CVE-2020-20215   2021-07-07   4.0              Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the
                                               /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to
                                               invalid memory access.
CVE-2020-20213   2021-07-07   4.0              Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the
                                               /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to
                                               overloading the systems CPU.
CVE-2020-20211   2021-07-07   4.0              Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the
                                               /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due
                                               to an assertion failure via a crafted packet.
CVE-2020-20212   2021-07-07   4.0              Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the
                                               /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service
                                               (NULL pointer dereference).
CVE-2020-20225   2021-07-07   4.0              Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the
                                               /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to
                                               an assertion failure via a crafted packet.
CVE-2021-27412   2021-07-02   6.8              Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read,
                                               which may allow an attacker to execute arbitrary code.
CVE-2021-27455   2021-07-02   4.3              Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read
                                               while processing project files, which may allow an attacker to disclose information.
CVE-2021-32992   2021-06-29   7.5              FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations
                                               within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.
CVE-2021-32988   2021-06-29   7.5              FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds
                                               write, which may allow an attacker to execute arbitrary code.
CVE-2021-32990   2021-06-29   7.5              FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds
                                               read, which may allow an attacker to execute arbitrary code.
CVE-2021-31337   2021-06-28   6.8              The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products
                                               does not require authentication, which may allow a remote attacker to gain access to the device
                                               if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products
                                               (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
CVE-2021-33540   2021-06-25   7.5              In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented
                                               password protected FTP access to the root directory exists.
CVE-2021-33542   2021-06-25   5.1              Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected
                                               by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead
                                               to a remote code execution when unallocated memory is freed because of incompletely
                                               initialized data. The attacker needs access to an original bus configuration file (*.bcp) to be
                                               able to manipulate data inside it. After manipulation, the attacker needs to replace the original
                                               file with the manipulated one on the application programming workstation. Availability,
                                               integrity, or confidentiality of an application programming workstation might be compromised
                                               by attacks using these vulnerabilities. Automated systems in operation which were programmed
                                               with one of the above-mentioned products are not affected.
CVE-2021-33541   2021-06-25   7.8              Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by
                                               a Denial-of-Service vulnerability. The communication protocols and device access do not feature
                                               authentication measures. Remote attackers can use specially crafted IP packets to cause a denial
                                               of service on the PLC's network communication module. A successful attack stops all network
                                               communication. To restore the network connectivity the device needs to be restarted. The
                                               automation task is not affected.
CVE-2021-21005   2021-06-25   7.8              In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a
                                               hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network
                                               stack will crash. The device needs to be rebooted afterwards.
CVE-2021-21003   2021-06-25   5.0              In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-
                                               Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching
                                               functionality of the device is not affected.
CVE-2021-21002   2021-06-25   5.0              In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response
                                               can lead to a temporary denial of service.
CVE-2021-21004   2021-06-25    4.3             In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert
                                               malicious code via LLDP frames into the web-based management which could then be executed
                                               by the client.
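The FPWIN Pro entry above (CVE-2021-32972) describes the classic XML external entity (XXE) pattern in an engineering project file: the file declares an entity whose SYSTEM identifier is a URI, and a parser that resolves external entities fetches that URI and splices its contents into the document. The following is an added example, written for this page and not Panasonic's code or project format; it uses only the Python standard library's expat binding. The project-file layout, the entity name `ext`, and the temporary "secret" file it reads back are all constructed here for illustration.

```python
"""Added example: XXE in a project-file XML parser, vulnerable vs. hardened.

Demonstrates the weakness class described for CVE-2021-32972 with a
constructed project file; nothing here is the vendor's format or code."""
import pathlib
import tempfile
import urllib.request
import xml.parsers.expat


class ExternalEntityError(ValueError):
    """Raised by the hardened parser when a DOCTYPE declares an external entity."""


def make_sample():
    """Write a constructed 'secret' file and build a project file whose DOCTYPE
    declares an external general entity pointing at it. Returns (xml, secret)."""
    secret = "SECRET-DATA"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write(secret)
    uri = pathlib.Path(f.name).as_uri()  # file:///... URI, as an attacker would embed
    xml = (
        '<?xml version="1.0"?>'
        f'<!DOCTYPE project [<!ENTITY ext SYSTEM "{uri}">]>'
        "<project><name>&ext;</name></project>"
    ).encode()
    return xml, secret


def _text_collector(parser):
    """Attach a handler that accumulates character data; returns the list."""
    chunks = []
    parser.buffer_text = True
    parser.CharacterDataHandler = chunks.append
    return chunks


def parse_project_vulnerable(xml_bytes):
    """Resolves external entities: opens whatever URI the file names and
    feeds the result into a child parser, so the fetched bytes end up as
    document text. This is the XXE behaviour."""
    p = xml.parsers.expat.ParserCreate()
    chunks = _text_collector(p)

    def fetch_entity(context, base, system_id, public_id):
        with urllib.request.urlopen(system_id) as resp:  # file://, http://, ...
            data = resp.read()
        child = p.ExternalEntityParserCreate(context)  # child shares our handlers
        child.Parse(data, True)
        return 1  # 1 = handled, 0 = report an error

    p.ExternalEntityRefHandler = fetch_entity
    p.Parse(xml_bytes, True)
    return "".join(chunks)


def parse_project_hardened(xml_bytes):
    """Never resolves external entities (expat's default when no
    ExternalEntityRefHandler is installed) and, in addition, rejects any
    project file that declares one, so a malicious file fails loudly
    instead of silently yielding an empty string."""
    p = xml.parsers.expat.ParserCreate()
    chunks = _text_collector(p)

    def reject_external(name, is_pe, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(f"external entity {name!r} -> {system_id!r}")

    p.EntityDeclHandler = reject_external
    p.Parse(xml_bytes, True)
    return "".join(chunks)


if __name__ == "__main__":
    xml_bytes, secret = make_sample()
    print("vulnerable parser yields:", parse_project_vulnerable(xml_bytes))
    try:
        parse_project_hardened(xml_bytes)
    except ExternalEntityError as e:
        print("hardened parser rejected the file:", e)
```

The fix that matters is the one in the hardened parser: the entity is never fetched at all. Rejecting the declaration up front is the extra step a practitioner wants, because a parser that merely skips the entity would load a tampered project file without any indication that it was tampered with. The same two checks apply to any engineering-workstation tool that loads XML project files, which is why the lxml `resolve_entities=False` and .NET `XmlResolver = null` settings exist for their respective parsers.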