Details of VAR-202202-1186

ID

VAR-202202-1186

CVE

CVE-2021-21967

TITLE

Sealevel Systems SeaConnect 370W Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202202-085

DESCRIPTION

An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Sealevel Systems SeaConnect 370W is an industrial Internet of Things (Iiot) edge device from Sealevel Systems in the United States. Used to remotely monitor and control the status of the actual I/O process. An attacker can cause an out-of-bounds write and cause a denial of service through a specially crafted network packet. The following products and versions are affected: Sealevel Systems SeaConnect 370W v1.3.34

Trust: 1.53

sources: NVD: CVE-2021-21967 // CNNVD: CNNVD-202202-085 // VULMON: CVE-2021-21967

AFFECTED PRODUCTS

vendor:

sealevel

model:

seaconnect 370w

scope:

version:

1.3.34

Trust: 1.0

sources: NVD: CVE-2021-21967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21967
value:	MEDIUM
Trust: 1.0
talos-cna@cisco.com:	CVE-2021-21967
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202202-085
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-21967
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-21967
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-21967
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2021-21967
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.2
version:	3.0
Trust: 1.0

sources: VULMON: CVE-2021-21967 // CNNVD: CNNVD-202202-085 // NVD: CVE-2021-21967 // NVD: CVE-2021-21967

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.0

sources: NVD: CVE-2021-21967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-085

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-085

PATCH

title:

Sealevel Systems SeaConnect 370W Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180556

Trust: 0.6

sources: CNNVD: CNNVD-202202-085

EXTERNAL IDS

db:	TALOS	id:	TALOS-2021-1394	Trust: 1.7
db:	NVD	id:	CVE-2021-21967	Trust: 1.7
db:	CNNVD	id:	CNNVD-202202-085	Trust: 0.6
db:	VULMON	id:	CVE-2021-21967	Trust: 0.1

sources: VULMON: CVE-2021-21967 // CNNVD: CNNVD-202202-085 // NVD: CVE-2021-21967

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1394	Trust: 2.3
url:	https://cxsecurity.com/cveshow/cve-2021-21967/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-21967 // CNNVD: CNNVD-202202-085 // NVD: CVE-2021-21967

CREDITS

Discovered by Francesco Benvenuto and Matt Wiseman of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202202-085

SOURCES

db:	VULMON	id:	CVE-2021-21967
db:	CNNVD	id:	CNNVD-202202-085
db:	NVD	id:	CVE-2021-21967

LAST UPDATE DATE

2024-08-14T15:06:28.661000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-21967	date:	2022-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202202-085	date:	2022-04-22T00:00:00
db:	NVD	id:	CVE-2021-21967	date:	2022-04-21T15:42:35.203

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-21967	date:	2022-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202202-085	date:	2022-02-01T00:00:00
db:	NVD	id:	CVE-2021-21967	date:	2022-04-14T20:15:08.650