ID

VAR-202102-0634


CVE

CVE-2021-22652


TITLE

Vulnerability regarding lack of authentication for critical features in Advantech iView

Trust: 0.8

sources: JVNDB: JVNDB-2021-003754

DESCRIPTION

Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView contains a vulnerability regarding lack of authentication for critical features. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result. Advantech iView is an equipment management application for the energy, water and wastewater industries. Advantech iView versions prior to 5.7.03.6112 have a missing authentication for critical features vulnerability. There is a security vulnerability in Advantech iView; no further information about this vulnerability is available at present. Watch for CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-22652 // JVNDB: JVNDB-2021-003754 // CNVD: CNVD-2021-11077 // VULHUB: VHN-381089 // VULMON: CVE-2021-22652

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-11077

AFFECTED PRODUCTS

vendor: advantech, model: iview, scope: lt, version: 5.7.03.6112

Trust: 1.6

vendor: アドバンテック株式会社, model: iview, scope: eq, version: 5.7.03.6112

Trust: 0.8

vendor: アドバンテック株式会社, model: iview, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-11077 // JVNDB: JVNDB-2021-003754 // NVD: CVE-2021-22652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22652
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-22652
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-11077
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202102-813
value: CRITICAL

Trust: 0.6

VULHUB: VHN-381089
value: HIGH

Trust: 0.1

VULMON: CVE-2021-22652
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22652
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-11077
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-381089
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22652
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22652
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-11077 // VULHUB: VHN-381089 // VULMON: CVE-2021-22652 // JVNDB: JVNDB-2021-003754 // CNNVD: CNNVD-202102-813 // NVD: CVE-2021-22652

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype: Lack of authentication for important features (CWE-306) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-381089 // JVNDB: JVNDB-2021-003754 // NVD: CVE-2021-22652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-813

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202102-813

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-381089

PATCH

title: top page, url: https://www.advantech.co.jp/

Trust: 0.8

title: Patch for Key features of Advantech iView lack certification vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/248551

Trust: 0.6

title: Advantech Iview Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142090

Trust: 0.6

sources: CNVD: CNVD-2021-11077 // JVNDB: JVNDB-2021-003754 // CNNVD: CNNVD-202102-813

EXTERNAL IDS

db: NVD, id: CVE-2021-22652

Trust: 3.2

db: ICS CERT, id: ICSA-21-040-02

Trust: 3.2

db: PACKETSTORM, id: 161937

Trust: 2.6

db: JVN, id: JVNVU97517721

Trust: 0.8

db: JVNDB, id: JVNDB-2021-003754

Trust: 0.8

db: CNVD, id: CNVD-2021-11077

Trust: 0.6

db: AUSCERT, id: ESB-2021.0469

Trust: 0.6

db: CNNVD, id: CNNVD-202102-813

Trust: 0.6

db: VULHUB, id: VHN-381089

Trust: 0.1

db: VULMON, id: CVE-2021-22652

Trust: 0.1

sources: CNVD: CNVD-2021-11077 // VULHUB: VHN-381089 // VULMON: CVE-2021-22652 // JVNDB: JVNDB-2021-003754 // CNNVD: CNNVD-202102-813 // NVD: CVE-2021-22652

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02

Trust: 3.8

url:http://packetstormsecurity.com/files/161937/advantech-iview-unauthenticated-remote-code-execution.html

Trust: 3.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22652

Trust: 1.4

url:http://jvn.jp/vu/jvnvu97517721/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0469

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-11077 // VULHUB: VHN-381089 // VULMON: CVE-2021-22652 // JVNDB: JVNDB-2021-003754 // CNNVD: CNNVD-202102-813 // NVD: CVE-2021-22652

CREDITS

Spencer McIntyre

Trust: 0.6

sources: CNNVD: CNNVD-202102-813

SOURCES

db: CNVD, id: CNVD-2021-11077
db: VULHUB, id: VHN-381089
db: VULMON, id: CVE-2021-22652
db: JVNDB, id: JVNDB-2021-003754
db: CNNVD, id: CNNVD-202102-813
db: NVD, id: CVE-2021-22652

LAST UPDATE DATE

2024-08-14T13:23:50.762000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-11077, date: 2021-02-20T00:00:00
db: VULHUB, id: VHN-381089, date: 2021-03-26T00:00:00
db: VULMON, id: CVE-2021-22652, date: 2021-03-26T00:00:00
db: JVNDB, id: JVNDB-2021-003754, date: 2021-11-04T06:05:00
db: CNNVD, id: CNNVD-202102-813, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2021-22652, date: 2021-03-26T20:06:44.527

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-11077, date: 2021-02-20T00:00:00
db: VULHUB, id: VHN-381089, date: 2021-02-11T00:00:00
db: VULMON, id: CVE-2021-22652, date: 2021-02-11T00:00:00
db: JVNDB, id: JVNDB-2021-003754, date: 2021-11-04T00:00:00
db: CNNVD, id: CNNVD-202102-813, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2021-22652, date: 2021-02-11T18:15:17.003