Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for defibrillator_dashboard by zoll

    CVE-2021-27485 (GCVE-0-2021-27485)

    Vulnerability from nvd – Published: 2021-06-16 12:16 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
    Severity
    No CVSS data available.
    CWE
    • CWE-257 - STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:09.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T12:16:47.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27485",
        "datePublished": "2021-06-16T12:16:47.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:09.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27483 (GCVE-0-2021-27483)

    Vulnerability from nvd – Published: 2021-06-16 12:17 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:08.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T12:17:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27483",
        "datePublished": "2021-06-16T12:17:09.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:08.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27479 (GCVE-0-2021-27479)

    Vulnerability from nvd – Published: 2021-06-16 12:16 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T12:16:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27479",
        "datePublished": "2021-06-16T12:16:36.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:17.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27489 (GCVE-0-2021-27489)

    Vulnerability from nvd – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • CWE-434 - UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:08.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:59:33.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27489",
        "datePublished": "2021-06-16T11:59:33.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:08.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27487 (GCVE-0-2021-27487)

    Vulnerability from nvd – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:08.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:59:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27487",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27487",
        "datePublished": "2021-06-16T11:59:46.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:08.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27481 (GCVE-0-2021-27481)

    Vulnerability from nvd – Published: 2021-06-16 11:59 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:59:39.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27481",
        "datePublished": "2021-06-16T11:59:39.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:17.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27483 (GCVE-0-2021-27483)

    Vulnerability from cvelistv5 – Published: 2021-06-16 12:17 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:08.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T12:17:09.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27483",
        "datePublished": "2021-06-16T12:17:09.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:08.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27485 (GCVE-0-2021-27485)

    Vulnerability from cvelistv5 – Published: 2021-06-16 12:16 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
    Severity
    No CVSS data available.
    CWE
    • CWE-257 - STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:09.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T12:16:47.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27485",
        "datePublished": "2021-06-16T12:16:47.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:09.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27479 (GCVE-0-2021-27479)

    Vulnerability from cvelistv5 – Published: 2021-06-16 12:16 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T12:16:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27479",
        "datePublished": "2021-06-16T12:16:36.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:17.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27487 (GCVE-0-2021-27487)

    Vulnerability from cvelistv5 – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-312 - CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:08.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:59:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27487",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27487",
        "datePublished": "2021-06-16T11:59:46.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:08.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27481 (GCVE-0-2021-27481)

    Vulnerability from cvelistv5 – Published: 2021-06-16 11:59 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:59:39.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27481",
        "datePublished": "2021-06-16T11:59:39.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:17.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27489 (GCVE-0-2021-27489)

    Vulnerability from cvelistv5 – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • CWE-434 - UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a ZOLL Defibrillator Dashboard Affected: All versions prior to 2.2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:08.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZOLL Defibrillator Dashboard",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:59:33.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-27489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZOLL Defibrillator Dashboard",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27489",
        "datePublished": "2021-06-16T11:59:33.000Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:08.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }