Vulnerabilidades ICS Termómetro CCI 2021- 7 - Centro de ...
←
→
Transcripción del contenido de la página
Si su navegador no muestra la página correctamente, lea el contenido de la página a continuación
Vulnerabilidades
ICS Termómetro CCI
2021- 7
Tabla de contenido Introducción .................................................................................................................. 4 Novedades 2021 ................................................................................................................... 4 Fabricantes y debilidades ICS ......................................................................................... 5 Nuevos fabricantes ............................................................................................................... 5 Nuevas debilidades ............................................................................................................... 5 Nuevas alertas ...................................................................................................................... 6 Mapa de riesgo .............................................................................................................. 7 Cambios en el riesgo de fabricante ...................................................................................... 7 ANEXO – I: Cálculo del mapa de riesgo........................................................................... 8 ANEXO II – Vulnerabilidades publicadas por el NIST desde el último termómetro CCI .... 9
Profesional de la Ciberseguridad industrial desde hace más de diez años en distintas empresas como Schneider Electric, S21sec, EY, SecurityMatters, Forescout, Telefónica y actualmente enTITANIUM Industrial Security. Miembro activo del ecosistema del Centro de Ciberseguridad Industrial (CCI) desde 2013, profesional Nivel Negro y participando como autor y revisor de distintos estudios y documentos realizados por este.
Introducción
Desde la publicación del cuaderno “Una década de vulnerabilidades ICS” el 4 de mayo de 2020, se han
seguido publicando nuevas vulnerabilidades sobre sistemas ICS, lo que ha hecho variar la exposición al
riesgo de los fabricantes recogidos en dicho cuaderno.
Desde el CCI queremos mantener actualizada esta información para proporcionar una visión de la
evolución de estas vulnerabilidades para que el ecosistema pueda utilizarlas cómo precise en una
publicación que denominaremos Termómetro de vulnerabilidades ICS del CCI.
En cada actualización publicaremos:
• Evolución del número de fabricantes de sistemas de control incluidos en el termómetro
para elperiodo en curso
• Evolución de vulnerabilidades y alertas de los fabricantes de control incluidos en el termómetro
• El mapa de calor de exposición al riesgo de los fabricantes, actualizado a fecha de publicación.
• Comentarios acerca de la evolución del mapa de riesgo.
Novedades 2021
Para adaptarnos a la creciente casuística de vulnerabilidades públicas que afectan a varios fabricantes, en
el año 2021 se aplicará un nuevo criterio, publicando cada uno de los fabricantes afectados por esta única
vulnerabilidad (CVE). Para ser coherentes con este nuevo acercamiento, en 2021 hablaremos de
“Debilidades ICS” (ICS Weaknesses) para dar cabida a estas vulnerabilidades multifabricante.
4
Fabricantes y debilidades ICS
Nuevos fabricantes
En esta edición del termómetro CCI, se incluyen 2 nuevos fabricantes y su número pasa a 44.
Riesgo Bajo Riesgo Medio Riesgo Alto Riesgo Muy Alto
eWON Phoenix Contact N/A N/A
En el caso de Phoenix Contact, 7 nuevas debilidades, han sido publicadas sobre distintos productos. Cómo ya
comentamos el año pasado, algunas de ellas son un ejemplo claro de vulnerabilidades amplificadas y causadas
por productos de terceros fabricantes. Cómo ejemplo, la vulnerabilidad numerada como CVE-2021-21005, está
relacionada con URGENT/11 y descubierta por Forescout en 2019.
Hay que destacar que 6 de estas debilidades sobre productos de Phoenix Contact, son explotables de forma
remota (acceso red), y 2 de ellas están consideradas cómo alertas en este termómetro.
eWON ha visto publicada otra vulnerabilidad (CVE-2021-33214) sobre su producto eCatcher, aunque su
explotación requiere la posesión de una cuenta de usuario en el sistema potencialmente impactado..
5Nuevas debilidades
El número de vulnerabilidades ICS publicadas y totalmente caracterizadas por el NIST desde la última
actualización es de 109.
Un único fabricante, Siemens, acumula casi el 50% de este número con 50 CVEs publicadas en Julio y sigue
encabezando el mapa cualitativo de riesgo. Es de destacar que a esta fecha, se han publicado más
vulnerabilidades sobre sus productos (153) que en todo el año 2020 (95).
Schneider Electric suma otras 15 debilidades publicadas en Julio y alcanza las 66 vulnerabilidades en 2021.
En el caso de Mikrotik, la publicación de 12 vulnerabilidades este mes, le coloca en la zona de riesgo medio y
ya lleva 29 debilidades publicadas sobre su producto RouterOS en 2021.
Phoenix Contact ha visto la publicación de 7 debilidades en Julio de 2021, de las cuales 2 son alertas y se
describen en el siguiente punto.
Finalmente, el producto R-SeeNet de Advantech suma 5 debilidades publicadas en Julio de 2021, lo que afecta
a su exposición al riesgo cómo fabricante.
Superado el ecuador de 2021, podemos constatar que la tendencia en la investigación de debilidades en los
sistemas de control utilizados en múltiples sectores, sigue creciendo de manera sostenida.
6Nuevas alertas
Este mes, el NIST ha publicado 2 nuevas alertas de fabricante. Recordamos que se clasifican cómo alertas
dado que la explotación de la vulnerabilidad presenta una complejidad baja, tiene cómo vector de acceso la
red y puede causar una total pérdida de servicio. (Según la clasificación CVSS V2, para permitir la
clasificación histórica de debilidades en productos más antiguos).
Phoenix Contact ha visto publicadas 2 alertas sobre 2 de sus series de productos:
Phoenix Contact FL SWITCH SMCS series Phoenix Contact Classic Line Controllers
En ambos casos, el envío de paquetes IP maliciosos puede dejar el dispositivo asilado y su reconexión a la
red de control, necesitaría de un reinicio del dispositivo.
Date
CVE CVSS Warning Description
published
CVE-2021-33541 2021-06-25 7.8 Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants
are affected by a Denial-of-Service vulnerability. The communication protocols and
device access do not feature authentication measures. Remote attackers can use
specially crafted IP packets to cause a denial of service on the PLC's network
communication module. A successful attack stops all network communication. To
restore the network connectivity the device needs to be restarted. The automation
task is not affected.
CVE-2021-21005 2021-06-25 7.8 In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an
attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-
Pointer set to 0, the network stack will crash. The device needs to be rebooted
afterwards.
7En el caso de Schneider Electric, 3 nuevas alertas han sido publicadas por el NIST este mes sobre su producto
EVlink City:
Schneider Electric EVlink City EVC1S22P4
Date
CVE CVSS Warning Description
published
CVE-2021-22730 2021-07-21 10.0 A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City
(EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 /
EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all
versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized
administrative privileges when accessing to the charging station web server.
CVE-2021-22707 2021-07-21 10.0 A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City
(EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 /
EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all
versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized
commands to the charging station web server with administrative privileges.
CVE-2021-22729 2021-07-21 10.0 A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City
(EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 /
EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all
versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized
administrative privileges when accessing to the charging station web server.
Un clásico: Credenciales por defecto del fabricante.
8Mapa de riesgo
31 de Julio de 2021
Circutor
Advantech
Emerson
Digitek GE Siemens
Motorola Solutions Hilscher Schneider Electric
Pro-face Miitsubishi Electric
Zebra Industrial Moxa
Panasonic
Phoenix Contact
Belden
CODESYS
Delta Electronics
Digi
Eaton
eWON
Fatek
Fuji Electric
Hirschmann Mikrotik
Honeywell
Johnson Controls
Kepware
Omron
PTC (ThingWorx)
Rockwell
Software Toolbox
Wibu Systems
Wind River
ABB
Beckhoff
Philips
ProSoft
RuggedCom
SafeNet
SearchBlox
Tesla
Wago
Aveva
9Cambios en el riesgo de fabricante
Debido al alto número de debilidades publicadas por el NIST en Julio sobre productos de Siemens ha
hecho que su exposición al riesgo pase de Alto a Muy Alto.
Schneider Electric se situa en la zona de riesgo Alto tras la publicación de 3 alertas en este mes de Julio,
y consolida un CVSS V2 medio de 5.7 en los últimos 10 años.
Emerson y GE se situan en la zona de riesgo Medio+ junto con otros fabricantes (Panasonic y Miitsubishi
Electric) que ven mejorado su riesgo medio por el alto número de vulnerabilidades publicadas este mes.
El resto de los fabricantes mantienen su nivel en el mapa de calor cualitativo de exposición al riesgo.
10ANEXO – I: Cálculo del mapa de riesgo
Con objeto de mostrar de una manera gráfica y rápida la postura de cada fabricante en lo que se refiere al
riesgo asociado a las vulnerabilidades publicadas, he seleccionado un formato gráfico muy común en la
gestión de Riesgos: el mapa de calor.
Este diagrama presenta distintos colores para representar el riesgo asociado de manera cualitativa y en
cuatro rangos: Bajo, Medio, Alto y Muy Alto.
MUY ALTO
ALTO
MEDIO
BAJO
La posición de cada fabricante dentro del mapa depende de los valores obtenidos en dos parámetros
asociados con la probabilidad (Número de CVEs publicados) y el impacto de dichos CVEs (Valor medio de
CVSS).
Para cada año, se ha calculado cada uno de estos valores entre 1 y 5.
• En el eje horizontal, se ha calculado el valor proporcional al número de CVEs publicados para
esefabricante en un año concreto en comparación con el fabricante con mayor número de CVEs.
• En el eje vertical se ha calculado el valor medio de CVSS de los CVEs publicados ese año y se
hadividido entre 2.
Para intentar dar una idea más cualitativa en lo que se refiere a la postura de cada fabricante, se han
introducido dos correcciones en el cálculo:
• Si el fabricante tiene algún CVE ese año considerado cómo Alerta (Acceso por la red,
complejidadbaja e impacto completo en disponibilidad), se incrementa en una unidad el impacto
(Eje vertical)y en una unidad la probabilidad (Eje horizontal). Esto se realiza para diferenciar a
este fabricante de otros sin este tipo de CVEs y posicionarlo en una zona de mayor riesgo.
• De la misma manera, si un fabricante tiene algún CVE ese año con un valor CVSS de 10.0, se
incrementa en una unidad la probabilidad (Eje horizontal). Esto se realiza para diferenciar a
estefabricante de otros sin este tipo de CVEs y posicionarlo en una zona de mayor riesgo.
Se ha estudiado mediante distintas simulaciones que estas correcciones no suponen grandes alteraciones
en la postura global del riesgo de ese fabricante y, sin embargo, presentan un diagnóstico cualitativo más
ajustado.
11ANEXO II – Vulnerabilidades publicadas por el
NIST desde el último termómetro CCI
CVE Date CVSS Warning Description
published V2
CVE-2021-22706 2021-07-21 4.3 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink
Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A
all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who
manages the charging station or carry out actions on their behalf when crafted malicious
parameters are submitted to the charging station web server.
CVE-2021-22772 2021-07-21 7.5 A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200
((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and
earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause
unauthorized operation when authentication is bypassed.
CVE-2021-22727 2021-07-21 7.5 A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all
versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8
V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an
attacker to gain unauthorized access to the charging station web server
CVE-2021-22708 2021-07-21 6.5 A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City
(EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all
versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
that could allow an attacker to craft a malicious firmware package and bypass the signature
verification mechanism.
CVE-2021-22771 2021-07-21 6.0 A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in
Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution.
CVE-2021-22726 2021-07-21 5.5 A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 /
EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior
to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could
allow an attacker to perform unintended actions or access to data when crafted malicious
parameters are submitted to the charging station web server.
CVE-2021-22774 2021-07-21 5.0 A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4
/ EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions
prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that
could lead an attacker to get knowledge of charging station user account credentials using
dictionary attacks techniques.
CVE-2021-22721 2021-07-21 5.0 A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all
versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8
V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an
attacker to get limited knowledge of javascript code when crafted malicious parameters are
submitted to the charging station web server.
CVE-2021-22723 2021-07-21 4.3 A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting)
through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 /
EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior
to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could
allow an attacker to impersonate the user who manages the charging station or carry out actions
on their behalf when crafted malicious parameters are submitted to the charging station web
server.
CVE-2021-22730 2021-07-21 10.0 A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 /
EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior
to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an
attacker to gain unauthorized administrative privileges when accessing to the charging station
web server.
CVE-2021-22707 2021-07-21 10.0 A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 /
EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior
to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could
allow an attacker to issue unauthorized commands to the charging station web server with
administrative privileges.
CVE-2021-22729 2021-07-21 10.0 A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 /
EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior
to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could
allow an attacker to gain unauthorized administrative privileges when accessing to the charging
station web server.
12CVE Date CVSS Warning Description
published V2
CVE-2021-22770 2021-07-21 4.0 A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and
older that exposes sensitive information to an actor not explicitly authorized to have access to
that information.
CVE-2021-22722 2021-07-21 3.5 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site
Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8
V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart
Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when
importing a CSV file or changing station parameters.
CVE-2020-20248 2021-07-19 4.0 Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the
memtest process. An authenticated remote attacker can cause a Denial of Service due to
overloading the systems CPU.
CVE-2020-20230 2021-07-19 4.0 Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the
sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading
the systems CPU.
CVE-2021-21801 2021-07-16 4.3 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-
SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead
to arbitrary JavaScript code execution.
CVE-2021-21799 2021-07-16 4.3 Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech
R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary
JavaScript code execution in the context of the targeted user’s browser. An attacker can provide
a crafted URL to trigger this vulnerability.
CVE-2021-21800 2021-07-16 4.3 Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-
SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary
JavaScript code execution in the context of the targeted user’s browser. An attacker can provide
a crafted URL to trigger this vulnerability.
CVE-2021-22779 2021-07-14 6.4 Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions
prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,
EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS),
SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part
numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that
could cause unauthorized access in read and write mode to the controller by spoofing the
Modbus communication between the engineering software and the controller.
CVE-2021-35527 2021-07-14 5.0 Password autocomplete vulnerability in the web application password field of Hitachi ABB Power
Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser.
This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.
CVE-2020-20231 2021-07-14 4.0 Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability
in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service
(NULL pointer dereference).
CVE-2021-22780 2021-07-14 3.6 Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions
prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions,
including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all
versions, that could cause unauthorized access to a project file protected by a password when
this file is shared with untrusted sources. An attacker may bypass the password protection and
be able to view and modify a project file.
CVE-2021-22778 2021-07-14 3.6 Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions
prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions,
including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all
versions, that could cause protected derived function blocks to be read or modified by
unauthorized users when accessing a project file.
CVE-2021-22782 2021-07-14 2.1 Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all
versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all
versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for
x70, all versions, that could cause an information leak allowing disclosure of network and
process information, credentials or intellectual property when an attacker can access a project
file.
CVE-2021-22781 2021-07-14 2.1 Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions
prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions,
including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all
versions, that could cause a leak of SMTP credential used for mailbox authentication when an
attacker can access a project file.
CVE-2021-34313 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds write past the
fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in
the context of the current process. (ZDI-CAN-13354)
13CVE Date CVSS Warning Description
published V2
CVE-2021-34312 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds write past the
fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in
the context of the current process. (ZDI-CAN-13353)
CVE-2021-34310 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13351)
CVE-2021-34309 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13350)
CVE-2021-34300 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds write past the
end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13194)
CVE-2021-34292 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-12959)
CVE-2021-34311 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing J2K files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13352)
CVE-2021-34331 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
supplied data when parsing JT files. This could result in an out of bounds write past the end of an
allocated structure. An attacker could leverage this vulnerability to execute code in the context
of the current process. (ZDI-CAN-13442)
CVE-2021-34323 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
supplied data when parsing JT files. This could result in an out of bounds write past the end of an
allocated structure. An attacker could leverage this vulnerability to execute code in the context
of the current process. (ZDI-CAN-13419)
CVE-2021-34330 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
supplied data prior to performing further free operations on an object when parsing JT files. An
attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13430)
CVE-2021-34324 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
supplied data prior to performing further free operations on an object when parsing JT files. An
attacker could leverage this vulnerability to execute code in the context of the current process.
(ZDI-CAN-13420)
CVE-2021-34305 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing GIF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13340)
CVE-2021-34295 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing GIF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13024)
CVE-2021-34293 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing GIF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13020)
14CVE Date CVSS Warning Description
published V2
CVE-2021-34291 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing GIF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-12956)
CVE-2021-34294 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing GIF files. This could result in an out of bounds read past the end
of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13023
CVE-2021-34316 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation
of user-supplied data when parsing PDF files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13380)
CVE-2021-34319 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing SGI files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13404)
CVE-2021-34314 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing SGI files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13355)
CVE-2021-34315 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing SGI files. This could result in an out of bounds read past the end
of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13356)
CVE-2021-34317 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing PCX files. This could result in an out of bounds write past the
fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in
the context of the current process. (ZDI-CAN-13402)
CVE-2021-34318 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing PCT files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13403)
CVE-2021-34297 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. This could result in an out of bounds write past the
end of an allocated structure. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13059)
CVE-2021-34296 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the
context of the current process. (ZDI-CAN-13057)
CVE-2021-34306 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. This could result in a memory corruption condition.
An attacker could leverage this vulnerability to execute code in the context of the current
process. (ZDI-CAN-13342)
CVE-2021-34301 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data prior to performing further free operations on an object when parsing BMP
files. An attacker could leverage this vulnerability to execute code in the context of the current
process. (ZDI-CAN-13196)
CVE-2021-34298 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data prior to performing further free operations on an object when parsing BMP
files. An attacker could leverage this vulnerability to execute code in the context of the current
process. (ZDI-CAN-13060)
15CVE Date CVSS Warning Description
published V2
CVE-2021-34329 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
data when parsing PAR files. This could result in an out of bounds write past the fixed-length
heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
of the current process. (ZDI-CAN-13427)
CVE-2021-34328 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
data when parsing PAR files. This could result in an out of bounds write past the fixed-length
heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
of the current process. (ZDI-CAN-13424)
CVE-2021-34326 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
data when parsing PAR files. This could result in an out of bounds write past the fixed-length
heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
of the current process. (ZDI-CAN-13422)
CVE-2021-34327 2021-07-13 6.8 A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All
Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The
plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied
data when parsing ASM files. This could result in an out of bounds write past the fixed-length
heap-based buffer. An attacker could leverage this vulnerability to execute code in the context
of the current process. (ZDI-CAN-13423)
CVE-2021-33711 2021-07-13 5.0 A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9),
Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1
(All versions < V5.1.4). The affected application allows verbose error messages which allow
leaking of sensitive information, such as full paths.
CVE-2021-33710 2021-07-13 4.3 A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9),
Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1
(All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web
interface of the affected devices that could allow an attacker to execute malicious JavaScript
code by tricking users into accessing a malicious link.
CVE-2021-34321 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-
supplied data when parsing J2K files. This could result in an out of bounds read past the end of
an allocated buffer. An attacker could leverage this vulnerability to leak information in the
context of the current process. (ZDI-CAN-13414)
CVE-2021-34299 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13192)
CVE-2021-34307 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13343)
CVE-2021-34304 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13199)
CVE-2021-34303 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing TIFF files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13198)
CVE-2021-34325 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
supplied data when parsing JT files. This could result in an out of bounds read past the end of an
allocated buffer. An attacker could leverage this vulnerability to leak information in the context
of the current process. (ZDI-CAN-13421)
16CVE Date CVSS Warning Description
published V2
CVE-2021-34320 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-
supplied data when parsing JT files. This could result in an out of bounds read past the end of an
allocated buffer. An attacker could leverage this vulnerability to leak information in the context
of the current process. (ZDI-CAN-13406)
CVE-2021-34322 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation
of user-supplied data when parsing J2K files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13416)
CVE-2021-34308 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13344)
CVE-2021-34302 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. This could result in an out of bounds read past the
end of an allocated buffer. An attacker could leverage this vulnerability to leak information in
the context of the current process. (ZDI-CAN-13197)
CVE-2021-34333 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. A malformed input file could result in double free of
an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause
denial of service condition. (CNVD-C-2021-79295)
CVE-2021-34332 2021-07-13 4.3 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All
versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of
user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop
condition that leads to denial of service condition. An attacker could leverage this vulnerability
to consume excessive resources. (CNVD-C-2021-79300)
CVE-2020-20252 2021-07-13 4.0 Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in
the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service
(NULL pointer dereference).
CVE-2020-20250 2021-07-13 4.0 Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in
the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service
(NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254.
All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250
github.com/cq674350529 reference.
CVE-2021-33709 2021-07-13 4.0 A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9),
Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1
(All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an
application token due to an error not properly handled by the system.
CVE-2021-33718 2021-07-13 3.5 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions <
V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications
using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be
bypassed, if user has a write permissions to the first attribute of this object.
CVE-2021-33715 2021-07-13 2.1 A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially
crafted JT files, a race condition could cause an object to be released before being operated on,
leading to NULL pointer deference condition and causing the application to crash. An attacker
could leverage this vulnerability to cause a Denial-of-Service condition in the application.
CVE-2021-33714 2021-07-13 2.1 A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially
crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference
condition, causing the application to crash. An attacker could leverage this vulnerability to cause
a Denial-of-Service condition in the application.
CVE-2021-33713 2021-07-13 2.1 A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially
crafted JT files, a hash function is called with an incorrect argument leading the application to
crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the
application.
CVE-2021-33214 2021-07-09 6.0 In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users
to access files that could lead to sensitive information disclosure, modification of configuration
files, or disruption of normal system operation.
CVE-2021-33012 2021-07-09 5.0 Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker
sending specially crafted commands to cause the PLC to fault when the controller is switched to
RUN mode, which results in a denial-of-service condition. If successfully exploited, this
vulnerability will cause the controller to fault whenever the controller is switched to RUN mode.
17CVE Date CVSS Warning Description
published V2
CVE-2021-32972 2021-07-09 4.3 Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file
specifying a URI that causes the XML parser to access the URI and embed the contents, which
may allow the attacker to disclose information that is accessible in the context of the user
executing software.
CVE-2020-20217 2021-07-08 4.0 Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption
vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a
Denial of Service due to overloading the systems CPU.
CVE-2020-20216 2021-07-07 4.0 Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the
/nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service
(NULL pointer dereference).
CVE-2020-20215 2021-07-07 4.0 Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the
/nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to
invalid memory access.
CVE-2020-20213 2021-07-07 4.0 Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the
/nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to
overloading the systems CPU.
CVE-2020-20211 2021-07-07 4.0 Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the
/nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due
to an assertion failure via a crafted packet.
CVE-2020-20212 2021-07-07 4.0 Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the
/nova/bin/console process. An authenticated remote attacker can cause a Denial of Service
(NULL pointer dereference).
CVE-2020-20225 2021-07-07 4.0 Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the
/nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to
an assertion failure via a crafted packet.
CVE-2021-27412 2021-07-02 6.8 Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read,
which may allow an attacker to execute arbitrary code.
CVE-2021-27455 2021-07-02 4.3 Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read
while processing project files, which may allow an attacker to disclose information.
CVE-2021-32992 2021-06-29 7.5 FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations
within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.
CVE-2021-32988 2021-06-29 7.5 FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds
write, which may allow an attacker to execute arbitrary code.
CVE-2021-32990 2021-06-29 7.5 FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds
read, which may allow an attacker to execute arbitrary code.
CVE-2021-31337 2021-06-28 6.8 The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products
does not require authentication, which may allow a remote attacker to gain access to the device
if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products
(SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
CVE-2021-33540 2021-06-25 7.5 In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented
password protected FTP access to the root directory exists.
CVE-2021-33542 2021-06-25 5.1 Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected
by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead
to a remote code execution when unallocated memory is freed because of incompletely
initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to
be able to manipulate data inside. After manipulation the attacker needs to exchange the
original file by the manipulated one on the application programming workstation. Availability,
integrity, or confidentiality of an application programming workstation might be compromised
by attacks using these vulnerabilities. Automated systems in operation which were programmed
with one of the above-mentioned products are not affected.
CVE-2021.33541 2021-06-25 7.8 Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by
a Denial-of-Service vulnerability. The communication protocols and device access do not feature
authentication measures. Remote attackers can use specially crafted IP packets to cause a denial
of service on the PLC's network communication module. A successful attack stops all network
communication. To restore the network connectivity the device needs to be restarted. The
automation task is not affected.
CVE-2021-21005 2021-06-25 7.8 In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a
hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network
stack will crash. The device needs to be rebooted afterwards.
CVE-2021-21003 2021-06-25 5.0 In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-
Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching
functionality of the device is not affected.
CVE-2021-21002 2021-06-25 5.0 In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response
can lead to a temporary denial of service.
18CVE Date CVSS Warning Description
published V2
CVE-2021-21004 2021-06-25 4.3 In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert
malicious code via LLDP frames into the web-based management which could then be executed
by the client.
19También puede leer
