Details of VAR-202107-1664

ID

VAR-202107-1664

CVE

CVE-2021-32985

TITLE

AVEVA System Platform Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-102839 // CNNVD: CNNVD-202107-2080

DESCRIPTION

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently available

Trust: 2.7

sources: NVD: CVE-2021-32985 // JVNDB: JVNDB-2021-001897 // CNVD: CNVD-2021-102839 // CNNVD: CNNVD-202107-2080

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-102839

AFFECTED PRODUCTS

vendor:	aveva	model:	system platform	scope:	lt	version:	2020	Trust: 1.0
vendor:	aveva	model:	system platform	scope:	eq	version:	2020	Trust: 1.0
vendor:	aveva	model:	system platform	scope:	gte	version:	2017	Trust: 1.0
vendor:	aveva	model:	system platform	scope:	eq	version:	2017 to 2020 r2 p01 to	Trust: 0.8
vendor:	aveva	model:	system platform	scope:	eq	version:	-	Trust: 0.8
vendor:	aveva	model:	system platform r2 p01	scope:	gte	version:	2017,<=2020	Trust: 0.6

sources: CNVD: CNVD-2021-102839 // JVNDB: JVNDB-2021-001897 // NVD: CVE-2021-32985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-32985
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-32985
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2021-001897
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-102839
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202107-2080
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-32985
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-102839
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-32985
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 2.0
IPA:	JVNDB-2021-001897
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-102839 // JVNDB: JVNDB-2021-001897 // CNNVD: CNNVD-202107-2080 // NVD: CVE-2021-32985 // NVD: CVE-2021-32985

PROBLEMTYPE DATA

problemtype:	CWE-346	Trust: 1.0
problemtype:	uncaught exception (CWE-248) [IPA evaluation ]	Trust: 0.8
problemtype:	Lack of authentication for critical features (CWE-306) [IPA evaluation ]	Trust: 0.8
problemtype:	Path traversal (CWE-22) [IPA evaluation ]	Trust: 0.8
problemtype:	Same-origin policy violation (CWE-346) [IPA evaluation ]	Trust: 0.8
problemtype:	Improper verification of digital signatures (CWE-347) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-001897 // NVD: CVE-2021-32985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-2080

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202107-2080

PATCH

title:	SECURITY BULLETIN AVEVA-2021-002	url:	https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf	Trust: 0.8
title:	Patch for AVEVA System Platform Access Control Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/310976	Trust: 0.6
title:	AVEVA System Platform Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157925	Trust: 0.6

sources: CNVD: CNVD-2021-102839 // JVNDB: JVNDB-2021-001897 // CNNVD: CNNVD-202107-2080

EXTERNAL IDS

db:	NVD	id:	CVE-2021-32985	Trust: 3.8
db:	ICS CERT	id:	ICSA-21-180-05	Trust: 3.0
db:	JVN	id:	JVNVU90207343	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001897	Trust: 0.8
db:	CNVD	id:	CNVD-2021-102839	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2281.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-2080	Trust: 0.6

sources: CNVD: CNVD-2021-102839 // JVNDB: JVNDB-2021-001897 // CNNVD: CNNVD-202107-2080 // NVD: CVE-2021-32985

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-180-05	Trust: 2.0
url:	https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-002.pdf	Trust: 1.6
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05	Trust: 1.6
url:	http://jvn.jp/cert/jvnvu90207343	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33008	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33010	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32981	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32985	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32977	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2281.2	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-32985/	Trust: 0.6

sources: CNVD: CNVD-2021-102839 // JVNDB: JVNDB-2021-001897 // CNNVD: CNNVD-202107-2080 // NVD: CVE-2021-32985

CREDITS

Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-2080

SOURCES

db:	CNVD	id:	CNVD-2021-102839
db:	JVNDB	id:	JVNDB-2021-001897
db:	CNNVD	id:	CNNVD-202107-2080
db:	NVD	id:	CVE-2021-32985

LAST UPDATE DATE

2024-08-14T12:05:01.493000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-102839	date:	2022-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-001897	date:	2024-06-20T04:33:00
db:	CNNVD	id:	CNNVD-202107-2080	date:	2022-04-14T00:00:00
db:	NVD	id:	CVE-2021-32985	date:	2022-04-13T12:49:59.053

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-102839	date:	2021-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-001897	date:	2021-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202107-2080	date:	2021-07-27T00:00:00
db:	NVD	id:	CVE-2021-32985	date:	2022-04-04T20:15:09.150