ID

VAR-202211-1442


CVE

CVE-2021-42797


TITLE

Path traversal vulnerability in AVEVA Edge

Trust: 0.8

sources: JVNDB: JVNDB-2021-020760

DESCRIPTION

Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources. AVEVA Edge contains a path traversal vulnerability. Information may be obtained. AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA. There is an information disclosure vulnerability in AVEVA Edge 2020 R2.

Trust: 2.16

sources: NVD: CVE-2021-42797 // JVNDB: JVNDB-2021-020760 // CNVD: CNVD-2022-86391

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-86391

AFFECTED PRODUCTS

vendor: aveva, model: edge, scope: eq, version: 2020

Trust: 1.8

vendor: aveva, model: edge, scope: lt, version: 2020

Trust: 1.0

vendor: aveva, model: edge, scope: eq, version: -

Trust: 0.8

vendor: aveva, model: edge, scope: -, version: -

Trust: 0.8

vendor: aveva, model: edge r2, scope: eq, version: 2020

Trust: 0.6

sources: CNVD: CNVD-2022-86391 // JVNDB: JVNDB-2021-020760 // NVD: CVE-2021-42797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42797
value: HIGH

Trust: 1.0

NVD: CVE-2021-42797
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-86391
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3370
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-86391
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-42797
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-42797
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-86391 // JVNDB: JVNDB-2021-020760 // CNNVD: CNNVD-202211-3370 // NVD: CVE-2021-42797

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-020760 // NVD: CVE-2021-42797

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3370

EXTERNAL IDS

db: NVD, id: CVE-2021-42797

Trust: 3.9

db: ICS CERT, id: ICSA-22-326-01

Trust: 1.9

db: AUSCERT, id: ESB-2022.6114.2

Trust: 1.2

db: JVN, id: JVNVU97763467

Trust: 0.8

db: JVNDB, id: JVNDB-2021-020760

Trust: 0.8

db: CNVD, id: CNVD-2022-86391

Trust: 0.6

db: CNNVD, id: CNNVD-202211-3370

Trust: 0.6

db: VULMON, id: CVE-2021-42797

Trust: 0.1

sources: CNVD: CNVD-2022-86391 // VULMON: CVE-2021-42797 // JVNDB: JVNDB-2021-020760 // CNNVD: CNNVD-202211-3370 // NVD: CVE-2021-42797

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01

Trust: 1.8

url:https://www.aveva.com/en/products/edge/

Trust: 1.8

url:https://www.auscert.org.au/bulletins/esb-2022.6114.2

Trust: 1.2

url:https://jvn.jp/vu/jvnvu97763467/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-42797

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-01

Trust: 0.1

sources: CNVD: CNVD-2022-86391 // VULMON: CVE-2021-42797 // JVNDB: JVNDB-2021-020760 // CNNVD: CNNVD-202211-3370 // NVD: CVE-2021-42797

SOURCES

db: CNVD, id: CNVD-2022-86391
db: VULMON, id: CVE-2021-42797
db: JVNDB, id: JVNDB-2021-020760
db: CNNVD, id: CNNVD-202211-3370
db: NVD, id: CVE-2021-42797

LAST UPDATE DATE

2024-08-14T12:41:13.255000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-86391, date: 2022-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-020760, date: 2024-01-16T01:38:00
db: CNNVD, id: CNNVD-202211-3370, date: 2022-12-19T00:00:00
db: NVD, id: CVE-2021-42797, date: 2023-12-20T17:32:50.487

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-86391, date: 2022-12-06T00:00:00
db: JVNDB, id: JVNDB-2021-020760, date: 2024-01-16T00:00:00
db: CNNVD, id: CNNVD-202211-3370, date: 2022-11-23T00:00:00
db: NVD, id: CVE-2021-42797, date: 2023-12-16T01:15:07.587