Details of VAR-202211-1444

ID

VAR-202211-1444

CVE

CVE-2021-42796

TITLE

AVEVA of edge Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-020761

DESCRIPTION

An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. AVEVA of edge Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA. There are security vulnerabilities in AVEVA Edge 2020 R2 and its previous versions, which may be exploited by attackers to affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details

Trust: 2.16

sources: NVD: CVE-2021-42796 // JVNDB: JVNDB-2021-020761 // CNVD: CNVD-2022-85520

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-85520

AFFECTED PRODUCTS

vendor:	aveva	model:	edge	scope:	eq	version:	2020	Trust: 1.8
vendor:	aveva	model:	edge	scope:	lt	version:	2020	Trust: 1.0
vendor:	aveva	model:	edge	scope:	eq	version:	-	Trust: 0.8
vendor:	aveva	model:	edge	scope:	-	version:	-	Trust: 0.8
vendor:	aveva	model:	edge r2	scope:	lte	version:	<=2020	Trust: 0.6

sources: CNVD: CNVD-2022-85520 // JVNDB: JVNDB-2021-020761 // NVD: CVE-2021-42796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42796
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-42796
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-42796
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-85520
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202211-3369
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-85520
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42796
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-42796
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-85520 // JVNDB: JVNDB-2021-020761 // CNNVD: CNNVD-202211-3369 // NVD: CVE-2021-42796 // NVD: CVE-2021-42796

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-020761 // NVD: CVE-2021-42796

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3369

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42796	Trust: 3.9
db:	ICS CERT	id:	ICSA-22-326-01	Trust: 1.9
db:	AUSCERT	id:	ESB-2022.6114.2	Trust: 1.2
db:	JVN	id:	JVNVU97763467	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-020761	Trust: 0.8
db:	CNVD	id:	CNVD-2022-85520	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3369	Trust: 0.6
db:	VULMON	id:	CVE-2021-42796	Trust: 0.1

sources: CNVD: CNVD-2022-85520 // VULMON: CVE-2021-42796 // JVNDB: JVNDB-2021-020761 // CNNVD: CNNVD-202211-3369 // NVD: CVE-2021-42796

REFERENCES

url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-326-01	Trust: 1.8
url:	https://www.aveva.com/en/products/edge/	Trust: 1.8
url:	https://www.auscert.org.au/bulletins/esb-2022.6114.2	Trust: 1.2
url:	https://jvn.jp/vu/jvnvu97763467/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42796	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-01	Trust: 0.1

sources: CNVD: CNVD-2022-85520 // VULMON: CVE-2021-42796 // JVNDB: JVNDB-2021-020761 // CNNVD: CNNVD-202211-3369 // NVD: CVE-2021-42796

SOURCES

db:	CNVD	id:	CNVD-2022-85520
db:	VULMON	id:	CVE-2021-42796
db:	JVNDB	id:	JVNDB-2021-020761
db:	CNNVD	id:	CNNVD-202211-3369
db:	NVD	id:	CVE-2021-42796

LAST UPDATE DATE

2024-10-08T21:24:18.115000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-85520	date:	2022-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-020761	date:	2024-01-16T01:38:00
db:	CNNVD	id:	CNNVD-202211-3369	date:	2022-12-19T00:00:00
db:	NVD	id:	CVE-2021-42796	date:	2024-10-07T19:36:11.143

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-85520	date:	2022-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-020761	date:	2024-01-16T00:00:00
db:	CNNVD	id:	CNNVD-202211-3369	date:	2022-11-23T00:00:00
db:	NVD	id:	CVE-2021-42796	date:	2023-12-16T01:15:07.540