ID

VAR-202107-0558


CVE

CVE-2021-21799


TITLE

Advantech R-SeeNet Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009702

DESCRIPTION

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. Advantech R-SeeNet contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the SNMP protocol, and is suitable for Linux and Windows platforms.

Trust: 2.34

sources: NVD: CVE-2021-21799 // JVNDB: JVNDB-2021-009702 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380203 // VULMON: CVE-2021-21799

AFFECTED PRODUCTS

vendor: advantech, model: r-seenet, scope: eq, version: 2.4.12

Trust: 1.0

vendor: アドバンテック株式会社, model: r-seenet, scope: eq, version: 2.4.12 (20.10.2020)

Trust: 0.8

vendor: アドバンテック株式会社, model: r-seenet, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009702 // NVD: CVE-2021-21799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21799
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21799
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-21799
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1120
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380203
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21799
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21799
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380203
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21799
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21799
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2021-21799
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380203 // VULMON: CVE-2021-21799 // JVNDB: JVNDB-2021-009702 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1120 // NVD: CVE-2021-21799 // NVD: CVE-2021-21799

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-380203 // JVNDB: JVNDB-2021-009702 // NVD: CVE-2021-21799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1120

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: R-SeeNet, url: https://icr.advantech.cz/products/software/r-seenet

Trust: 0.8

title: Advantech R-SeeNet Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157822

Trust: 0.6

title: Kenzer Templates [5170] [DEPRECATED], url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2021-21799 // JVNDB: JVNDB-2021-009702 // CNNVD: CNNVD-202107-1120

EXTERNAL IDS

db: NVD, id: CVE-2021-21799

Trust: 3.4

db: TALOS, id: TALOS-2021-1270

Trust: 2.6

db: JVNDB, id: JVNDB-2021-009702

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1120

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021071609

Trust: 0.6

db: VULHUB, id: VHN-380203

Trust: 0.1

db: VULMON, id: CVE-2021-21799

Trust: 0.1

sources: VULHUB: VHN-380203 // VULMON: CVE-2021-21799 // JVNDB: JVNDB-2021-009702 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1120 // NVD: CVE-2021-21799

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2021-1270

Trust: 3.2

url: https://nvd.nist.gov/vuln/detail/cve-2021-21799

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021071609

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: VULHUB: VHN-380203 // VULMON: CVE-2021-21799 // JVNDB: JVNDB-2021-009702 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1120 // NVD: CVE-2021-21799

CREDITS

Member of Cisco Talos team

Trust: 0.6

sources: CNNVD: CNNVD-202107-1120

SOURCES

db: VULHUB, id: VHN-380203
db: VULMON, id: CVE-2021-21799
db: JVNDB, id: JVNDB-2021-009702
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1120
db: NVD, id: CVE-2021-21799

LAST UPDATE DATE

2024-08-14T13:05:32.949000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380203, date: 2022-09-30T00:00:00
db: VULMON, id: CVE-2021-21799, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2021-009702, date: 2022-05-17T08:46:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1120, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-21799, date: 2022-09-30T03:08:21.667

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380203, date: 2021-07-16T00:00:00
db: VULMON, id: CVE-2021-21799, date: 2021-07-16T00:00:00
db: JVNDB, id: JVNDB-2021-009702, date: 2022-05-17T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1120, date: 2021-07-15T00:00:00
db: NVD, id: CVE-2021-21799, date: 2021-07-16T11:15:09.613