Search

Find a vulnerability

Search criteria

    1 vulnerability found for CSDJ -H by NEC Platforms, Ltd.

    JVNDB-2021-000014

    Vulnerability from jvndb - Published: 2021-02-15 15:52 - Updated:2021-02-15 15:52
    Severity
    Summary
    Calsos CSDJ fails to restrict access permissions
    Details
    Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions (CWE-264), which may lead to an unauthorized user being able to view the historical data without access privileges. Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000014.html",
      "dc:date": "2021-02-15T15:52+09:00",
      "dcterms:issued": "2021-02-15T15:52+09:00",
      "dcterms:modified": "2021-02-15T15:52+09:00",
      "description": "Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions (CWE-264), which may lead to an unauthorized user being able to view the historical data without access privileges.\r\n\r\nTakayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000014.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:necplatforms:calsos_csdj-a_firmware",
          "@product": "CSDJ -A",
          "@vendor": "NEC Platforms, Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:necplatforms:calsos_csdj-b_firmware",
          "@product": "CSDJ -B",
          "@vendor": "NEC Platforms, Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:necplatforms:calsos_csdj-d_firmware",
          "@product": "CSDJ -D",
          "@vendor": "NEC Platforms, Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:necplatforms:calsos_csdj-h_firmware",
          "@product": "CSDJ -H",
          "@vendor": "NEC Platforms, Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000014",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN87164507/index.html",
          "@id": "JVN#87164507",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20653",
          "@id": "CVE-2021-20653",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20653",
          "@id": "CVE-2021-20653",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Calsos CSDJ fails to restrict access permissions"
    }