ID

VAR-202112-1870


CVE

CVE-2021-43987


TITLE

Vulnerabilities related to undisclosed functions in mySCADA myPRO

Trust: 0.8

sources: JVNDB: JVNDB-2021-016607

DESCRIPTION

An additional, undocumented administrative account exists in mySCADA myPRO versions 8.20.0 and prior. The account is not exposed through the web interface and cannot be deleted or changed through the regular web interface. mySCADA myPRO contains an undocumented functionality vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes.

Trust: 2.25

sources: NVD: CVE-2021-43987 // JVNDB: JVNDB-2021-016607 // CNVD: CNVD-2021-102830 // VULMON: CVE-2021-43987

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-102830

AFFECTED PRODUCTS

vendor: myscada | model: mypro | scope: lte | version: 8.20.0

Trust: 1.0

vendor: myscada | model: mypro | scope: eq | version: -

Trust: 0.8

vendor: myscada | model: mypro | scope: lte | version: 8.20.0 and earlier

Trust: 0.8

vendor: myscada | model: mypro | scope: lte | version: <=8.20.0

Trust: 0.6

sources: CNVD: CNVD-2021-102830 // JVNDB: JVNDB-2021-016607 // NVD: CVE-2021-43987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43987
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43987
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-43987
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-102830
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-2086
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-43987
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-43987
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-102830
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43987
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-016607
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-102830 // VULMON: CVE-2021-43987 // JVNDB: JVNDB-2021-016607 // CNNVD: CNNVD-202112-2086 // NVD: CVE-2021-43987 // NVD: CVE-2021-43987

PROBLEMTYPE DATA

problemtype: CWE-912

Trust: 1.0

problemtype: Unpublished features (CWE-912) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016607 // NVD: CVE-2021-43987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2086

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2086

PATCH

title: myPRO | url: https://www.myscada.org/mypro/

Trust: 0.8

title: Patch for mySCADA myPRO has an unknown vulnerability (CNVD-2021-102830) | url: https://www.cnvd.org.cn/patchInfo/show/310821

Trust: 0.6

title: mySCADA myPRO Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175463

Trust: 0.6

sources: CNVD: CNVD-2021-102830 // JVNDB: JVNDB-2021-016607 // CNNVD: CNNVD-202112-2086

EXTERNAL IDS

db: NVD | id: CVE-2021-43987

Trust: 3.9

db: ICS CERT | id: ICSA-21-355-01

Trust: 3.1

db: JVN | id: JVNVU90153325

Trust: 0.8

db: JVNDB | id: JVNDB-2021-016607

Trust: 0.8

db: CNVD | id: CNVD-2021-102830

Trust: 0.6

db: AUSCERT | id: ESB-2022.0075

Trust: 0.6

db: CNNVD | id: CNNVD-202112-2086

Trust: 0.6

db: VULMON | id: CVE-2021-43987

Trust: 0.1

sources: CNVD: CNVD-2021-102830 // VULMON: CVE-2021-43987 // JVNDB: JVNDB-2021-016607 // CNNVD: CNNVD-202112-2086 // NVD: CVE-2021-43987

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43987

Trust: 1.4

url:https://jvn.jp/vu/jvnvu90153325/index.html

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0075

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/912.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-102830 // VULMON: CVE-2021-43987 // JVNDB: JVNDB-2021-016607 // CNNVD: CNNVD-202112-2086 // NVD: CVE-2021-43987

CREDITS

Michael Heinzl reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202112-2086

SOURCES

db: CNVD | id: CNVD-2021-102830
db: VULMON | id: CVE-2021-43987
db: JVNDB | id: JVNDB-2021-016607
db: CNNVD | id: CNNVD-202112-2086
db: NVD | id: CVE-2021-43987

LAST UPDATE DATE

2024-11-23T21:33:27.041000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2021-102830 | date: 2022-01-26T00:00:00
db: VULMON | id: CVE-2021-43987 | date: 2021-12-29T00:00:00
db: JVNDB | id: JVNDB-2021-016607 | date: 2022-12-19T04:31:00
db: CNNVD | id: CNNVD-202112-2086 | date: 2022-01-10T00:00:00
db: NVD | id: CVE-2021-43987 | date: 2024-11-21T06:30:09.503

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2021-102830 | date: 2021-12-28T00:00:00
db: VULMON | id: CVE-2021-43987 | date: 2021-12-23T00:00:00
db: JVNDB | id: JVNDB-2021-016607 | date: 2022-12-19T00:00:00
db: CNNVD | id: CNNVD-202112-2086 | date: 2021-12-21T00:00:00
db: NVD | id: CVE-2021-43987 | date: 2021-12-23T20:15:11.767