Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for WirelessHART Gateway by Emerson

    CVE-2021-42542 (GCVE-0-2021-42542)

    Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 17:52
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:49.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:29.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42542",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42542",
        "datePublished": "2021-10-22T13:23:29.883Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:52:49.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42540 (GCVE-0-2021-42540)

    Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 21:04
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
    CWE
    • CWE-123 - Write-what-where Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-123",
                  "description": "CWE-123 Write-what-where Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:22.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42540",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-123 Write-what-where Condition"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42540",
        "datePublished": "2021-10-22T13:23:22.604Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:04:12.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42539 (GCVE-0-2021-42539)

    Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 18:03
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:08.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42539",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42539",
        "datePublished": "2021-10-22T13:23:08.904Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:13.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42538 (GCVE-0-2021-42538)

    Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.491Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42538",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42538",
        "datePublished": "2021-10-22T13:23:02.452Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:59.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42536 (GCVE-0-2021-42536)

    Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:41
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42536",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42536",
        "datePublished": "2021-10-22T13:23:15.613Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:41:22.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38485 (GCVE-0-2021-38485)

    Vulnerability from nvd – Published: 2021-10-22 13:23 – Updated: 2024-09-16 20:58
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:38.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-38485",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38485",
        "datePublished": "2021-10-22T13:23:38.936Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:26.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38485 (GCVE-0-2021-38485)

    Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 20:58
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:44:22.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:38.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-38485",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-38485",
        "datePublished": "2021-10-22T13:23:38.936Z",
        "dateReserved": "2021-08-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:58:26.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42542 (GCVE-0-2021-42542)

    Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 17:52
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:38:49.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:29.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42542",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42542",
        "datePublished": "2021-10-22T13:23:29.883Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:52:49.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42540 (GCVE-0-2021-42540)

    Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 21:04
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
    CWE
    • CWE-123 - Write-what-where Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-123",
                  "description": "CWE-123 Write-what-where Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:22.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42540",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-123 Write-what-where Condition"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42540",
        "datePublished": "2021-10-22T13:23:22.604Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:04:12.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42536 (GCVE-0-2021-42536)

    Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:41
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42536",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42536",
        "datePublished": "2021-10-22T13:23:15.613Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:41:22.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42539 (GCVE-0-2021-42539)

    Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-16 18:03
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:08.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42539",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42539",
        "datePublished": "2021-10-22T13:23:08.904Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:13.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42538 (GCVE-0-2021-42538)

    Vulnerability from cvelistv5 – Published: 2021-10-22 13:23 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Emerson WirelessHART Gateway
    Summary
    The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Emerson WirelessHART Gateway Affected: 1410 , ≤ 4.7.94 (custom)
    Affected: 1410D , ≤ 4.7.94 (custom)
    Affected: 1420 , ≤ 4.7.94 (custom)
    Create a notification for this product.
    Date Public
    2021-10-05 00:00
    Credits
    Amir Preminger of Claroty reported these vulnerabilities to CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.491Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WirelessHART Gateway",
              "vendor": "Emerson",
              "versions": [
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1410D",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7.94",
                  "status": "affected",
                  "version": "1420",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
            }
          ],
          "datePublic": "2021-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-22T13:23:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
            }
          ],
          "source": {
            "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
            "discovery": "UNKNOWN"
          },
          "title": "Emerson WirelessHART Gateway",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-10-05T21:42:00.000Z",
              "ID": "CVE-2021-42538",
              "STATE": "PUBLIC",
              "TITLE": "Emerson WirelessHART Gateway"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WirelessHART Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1410D",
                                "version_value": "4.7.94"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1420",
                                "version_value": "4.7.94"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Emerson"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Amir Preminger of Claroty reported these vulnerabilities to CISA"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Emerson recommends upgrading to v4.7.105 to address these vulnerabilities.\n\nUsers can visit the Emerson Gate Firmware site for and download instructions.\n\nIf affected users do not yet have a free Guardian account, please see the updated Emerson Gateway Firmware download process by following the link above and viewing the download guide."
              }
            ],
            "source": {
              "advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-42538",
        "datePublished": "2021-10-22T13:23:02.452Z",
        "dateReserved": "2021-10-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:59.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }