Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for CAP/PRX by SITEL

    CVE-2021-32456 (GCVE-0-2021-32456)

    Vulnerability from nvd – Published: 2021-05-17 17:58 – Updated: 2024-09-17 04:14
    VLAI
    Title
    SITEL CAP/PRX cleartext transmission of sensitive information
    Summary
    SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-12 22:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.498Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-cleartext-transmission-sensitive-information"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-12T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
                }
              ],
              "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T12:21:56.199Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-cleartext-transmission-sensitive-information"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
                }
              ],
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0181",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX cleartext transmission of sensitive information",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32456",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX cleartext transmission of sensitive information"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0181",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32456",
        "datePublished": "2021-05-17T17:58:34.959Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:29.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32454 (GCVE-0-2021-32454)

    Vulnerability from nvd – Published: 2021-05-17 17:36 – Updated: 2024-09-16 20:26
    VLAI
    Title
    SITEL CAP/PRX hardcoded credentials
    Summary
    SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-13 00:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-17T17:36:30.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0179",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX hardcoded credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32454",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX hardcoded credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0179",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32454",
        "datePublished": "2021-05-17T17:36:30.615Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:26:17.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32455 (GCVE-0-2021-32455)

    Vulnerability from nvd – Published: 2021-05-17 16:30 – Updated: 2024-09-16 19:14
    VLAI
    Title
    SITEL CAP/PRX vulnerable to a denial of service attack
    Summary
    SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device´s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-13 00:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device\u00b4s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-17T16:30:34.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0180",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX vulnerable to a denial of service attack",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32455",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX vulnerable to a denial of service attack"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device\u00b4s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0180",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32455",
        "datePublished": "2021-05-17T16:30:34.125Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:45.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32453 (GCVE-0-2021-32453)

    Vulnerability from nvd – Published: 2021-05-17 16:43 – Updated: 2024-09-16 17:03
    VLAI
    Title
    SITEL CAP/PRX information exposure
    Summary
    SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-12 22:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-12T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."
                }
              ],
              "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T15:45:36.788Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
                }
              ],
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0178",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX information exposure",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32453",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX information exposure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0178",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32453",
        "datePublished": "2021-05-17T16:43:20.931Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:17.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32456 (GCVE-0-2021-32456)

    Vulnerability from cvelistv5 – Published: 2021-05-17 17:58 – Updated: 2024-09-17 04:14
    VLAI
    Title
    SITEL CAP/PRX cleartext transmission of sensitive information
    Summary
    SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-12 22:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.498Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-cleartext-transmission-sensitive-information"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-12T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
                }
              ],
              "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-22T12:21:56.199Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-cleartext-transmission-sensitive-information"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
                }
              ],
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0181",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX cleartext transmission of sensitive information",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32456",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX cleartext transmission of sensitive information"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0181",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32456",
        "datePublished": "2021-05-17T17:58:34.959Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:29.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32454 (GCVE-0-2021-32454)

    Vulnerability from cvelistv5 – Published: 2021-05-17 17:36 – Updated: 2024-09-16 20:26
    VLAI
    Title
    SITEL CAP/PRX hardcoded credentials
    Summary
    SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-13 00:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-17T17:36:30.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0179",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX hardcoded credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32454",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX hardcoded credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0179",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32454",
        "datePublished": "2021-05-17T17:36:30.615Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:26:17.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32453 (GCVE-0-2021-32453)

    Vulnerability from cvelistv5 – Published: 2021-05-17 16:43 – Updated: 2024-09-16 17:03
    VLAI
    Title
    SITEL CAP/PRX information exposure
    Summary
    SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-12 22:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-12T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."
                }
              ],
              "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-09T15:45:36.788Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
                }
              ],
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0178",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX information exposure",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32453",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX information exposure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device\u00b4s configuration."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0178",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32453",
        "datePublished": "2021-05-17T16:43:20.931Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:17.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32455 (GCVE-0-2021-32455)

    Vulnerability from cvelistv5 – Published: 2021-05-17 16:30 – Updated: 2024-09-16 19:14
    VLAI
    Title
    SITEL CAP/PRX vulnerable to a denial of service attack
    Summary
    SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device´s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    SITEL CAP/PRX Affected: 5.2.01
    Create a notification for this product.
    Date Public
    2021-05-13 00:00
    Credits
    Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:29.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CAP/PRX",
              "vendor": "SITEL",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
            }
          ],
          "datePublic": "2021-05-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device\u00b4s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-17T16:30:34.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0180",
            "discovery": "EXTERNAL"
          },
          "title": "SITEL CAP/PRX vulnerable to a denial of service attack",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
              "ID": "CVE-2021-32455",
              "STATE": "PUBLIC",
              "TITLE": "SITEL CAP/PRX vulnerable to a denial of service attack"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CAP/PRX",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "5.2.01",
                                "version_value": "5.2.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SITEL"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device\u00b4s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-vulnerable-denial-service-attack"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0180",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2021-32455",
        "datePublished": "2021-05-17T16:30:34.125Z",
        "dateReserved": "2021-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:45.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }