ID

VAR-202107-0559


CVE

CVE-2021-21800


TITLE

Advantech R-SeeNet Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009701

DESCRIPTION

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. Advantech R-SeeNet contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the SNMP protocol, and is suitable for Linux and Windows platforms.

Trust: 2.34

sources: NVD: CVE-2021-21800 // JVNDB: JVNDB-2021-009701 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380204 // VULMON: CVE-2021-21800

AFFECTED PRODUCTS

vendor: advantech, model: r-seenet, scope: eq, version: 2.4.12

Trust: 1.0

vendor: アドバンテック株式会社, model: r-seenet, scope: eq, version: 2.4.12 (20.10.2020)

Trust: 0.8

vendor: アドバンテック株式会社, model: r-seenet, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009701 // NVD: CVE-2021-21800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21800
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21800
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-21800
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1098
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380204
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21800
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21800
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380204
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21800
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21800
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2021-21800
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380204 // VULMON: CVE-2021-21800 // JVNDB: JVNDB-2021-009701 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1098 // NVD: CVE-2021-21800 // NVD: CVE-2021-21800

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-380204 // JVNDB: JVNDB-2021-009701 // NVD: CVE-2021-21800

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1098

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: R-SeeNet, url: https://icr.advantech.cz/products/software/r-seenet

Trust: 0.8

title: Advantech R-SeeNet Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157821

Trust: 0.6

title: Kenzer Templates [5170] [DEPRECATED], url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2021-21800 // JVNDB: JVNDB-2021-009701 // CNNVD: CNNVD-202107-1098

EXTERNAL IDS

db: NVD, id: CVE-2021-21800

Trust: 3.4

db: TALOS, id: TALOS-2021-1271

Trust: 2.6

db: JVNDB, id: JVNDB-2021-009701

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1098

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021071609

Trust: 0.6

db: VULHUB, id: VHN-380204

Trust: 0.1

db: VULMON, id: CVE-2021-21800

Trust: 0.1

sources: VULHUB: VHN-380204 // VULMON: CVE-2021-21800 // JVNDB: JVNDB-2021-009701 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1098 // NVD: CVE-2021-21800

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2021-1271

Trust: 3.2

url: https://nvd.nist.gov/vuln/detail/cve-2021-21800

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021071609

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: VULHUB: VHN-380204 // VULMON: CVE-2021-21800 // JVNDB: JVNDB-2021-009701 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1098 // NVD: CVE-2021-21800

CREDITS

Member of the Cisco Talos team

Trust: 0.6

sources: CNNVD: CNNVD-202107-1098

SOURCES

db: VULHUB, id: VHN-380204
db: VULMON, id: CVE-2021-21800
db: JVNDB, id: JVNDB-2021-009701
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1098
db: NVD, id: CVE-2021-21800

LAST UPDATE DATE

2024-08-14T12:49:37.903000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380204, date: 2022-09-30T00:00:00
db: VULMON, id: CVE-2021-21800, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2021-009701, date: 2022-05-17T08:42:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1098, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-21800, date: 2022-09-30T03:08:28.553

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380204, date: 2021-07-16T00:00:00
db: VULMON, id: CVE-2021-21800, date: 2021-07-16T00:00:00
db: JVNDB, id: JVNDB-2021-009701, date: 2022-05-17T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1098, date: 2021-07-15T00:00:00
db: NVD, id: CVE-2021-21800, date: 2021-07-16T11:15:09.723