
4 vulnerabilities found for dna by valmet

CVE-2025-15577 (GCVE-0-2025-15577)

Vulnerability from nvd – Published: 2026-02-12 06:04 – Updated: 2026-02-16 13:29
Title
Valmet DNA Web server arbitrary file read access
Summary
An unauthenticated attacker can exploit this vulnerability by manipulating the URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Valmet Valmet DNA Web Tools Affected: 0 , ≤ C2022 (custom)
Date Public ?
2026-02-11 15:03
Credits
Denis Samotuga

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T14:25:07.795529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T14:25:54.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Valmet DNA Web Tools",
          "vendor": "Valmet",
          "versions": [
            {
              "lessThanOrEqual": "C2022",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Denis Samotuga"
        }
      ],
      "datePublic": "2026-02-11T15:03:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.\u003cp\u003eThis issue affects Valmet DNA Web Tools: C2022 and older.\u003c/p\u003e"
            }
          ],
          "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/S:N/AU:Y/V:D/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-16T13:29:46.519Z",
        "orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
        "shortName": "NCSC-FI"
      },
      "references": [
        {
          "url": "https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Valmet DNA Web server arbitrary file read access",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
    "assignerShortName": "NCSC-FI",
    "cveId": "CVE-2025-15577",
    "datePublished": "2026-02-12T06:04:56.536Z",
    "dateReserved": "2026-02-11T07:10:54.573Z",
    "dateUpdated": "2026-02-16T13:29:46.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-26726 (GCVE-0-2021-26726)

Vulnerability from nvd – Published: 2022-02-16 15:15 – Updated: 2024-09-17 00:36
Title
Remote code execution in Valmet DNA before Collection 2021
Summary
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517 allows an attacker to execute commands with SYSTEM privileges. This issue affects Valmet DNA versions from Collection 2012 up to, but not including, Collection 2021.
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-209 - Information Exposure Through an Error Message
  • CWE-272 - Least Privilege Violation
  • CWE-78 - OS Command Injection
Assigner
Impacted products
Vendor Product Version
Valmet DNA Valmet DNA Affected: Collection 2012 , < Collection 2021 (custom)
Date Public ?
2022-02-15 00:00
Credits
This bug was found by Ivan Speziale of Nozomi Networks

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Valmet DNA",
          "vendor": "Valmet DNA",
          "versions": [
            {
              "lessThan": "Collection 2021",
              "status": "affected",
              "version": "Collection 2012",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This bug was found by Ivan Speziale of Nozomi Networks"
        }
      ],
      "datePublic": "2022-02-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Information Exposure Through an Error Message",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-272",
              "description": "CWE-272 Least Privilege Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-16T15:15:12.000Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to Valmet DNA version Collection 2021"
        }
      ],
      "source": {
        "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
        "defect": [
          "NN_2021-0021"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Remote code execution in Valmet DNA before Collection 2021",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@nozominetworks.com",
          "DATE_PUBLIC": "2022-02-15T23:00:00.000Z",
          "ID": "CVE-2021-26726",
          "STATE": "PUBLIC",
          "TITLE": "Remote code execution in Valmet DNA before Collection 2021"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Valmet DNA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Collection 2012",
                            "version_value": "Collection 2021"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Valmet DNA"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This bug was found by Ivan Speziale of Nozomi Networks"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-305 Authentication Bypass by Primary Weakness"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-209 Information Exposure Through an Error Message"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-272 Least Privilege Violation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/",
              "refsource": "CONFIRM",
              "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
            },
            {
              "name": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/",
              "refsource": "MISC",
              "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to Valmet DNA version Collection 2021"
          }
        ],
        "source": {
          "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
          "defect": [
            "NN_2021-0021"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2021-26726",
    "datePublished": "2022-02-16T15:15:12.708Z",
    "dateReserved": "2021-02-05T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:36:09.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-15577 (GCVE-0-2025-15577)

Vulnerability from cvelistv5 – Published: 2026-02-12 06:04 – Updated: 2026-02-16 13:29
Title
Valmet DNA Web server arbitrary file read access
Summary
An unauthenticated attacker can exploit this vulnerability by manipulating the URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Valmet Valmet DNA Web Tools Affected: 0 , ≤ C2022 (custom)
Date Public ?
2026-02-11 15:03
Credits
Denis Samotuga

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T14:25:07.795529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T14:25:54.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Valmet DNA Web Tools",
          "vendor": "Valmet",
          "versions": [
            {
              "lessThanOrEqual": "C2022",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Denis Samotuga"
        }
      ],
      "datePublic": "2026-02-11T15:03:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.\u003cp\u003eThis issue affects Valmet DNA Web Tools: C2022 and older.\u003c/p\u003e"
            }
          ],
          "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/S:N/AU:Y/V:D/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-16T13:29:46.519Z",
        "orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
        "shortName": "NCSC-FI"
      },
      "references": [
        {
          "url": "https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Valmet DNA Web server arbitrary file read access",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
    "assignerShortName": "NCSC-FI",
    "cveId": "CVE-2025-15577",
    "datePublished": "2026-02-12T06:04:56.536Z",
    "dateReserved": "2026-02-11T07:10:54.573Z",
    "dateUpdated": "2026-02-16T13:29:46.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-26726 (GCVE-0-2021-26726)

Vulnerability from cvelistv5 – Published: 2022-02-16 15:15 – Updated: 2024-09-17 00:36
Title
Remote code execution in Valmet DNA before Collection 2021
Summary
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517 allows an attacker to execute commands with SYSTEM privileges. This issue affects Valmet DNA versions from Collection 2012 up to, but not including, Collection 2021.
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-209 - Information Exposure Through an Error Message
  • CWE-272 - Least Privilege Violation
  • CWE-78 - OS Command Injection
Assigner
Impacted products
Vendor Product Version
Valmet DNA Valmet DNA Affected: Collection 2012 , < Collection 2021 (custom)
Date Public ?
2022-02-15 00:00
Credits
This bug was found by Ivan Speziale of Nozomi Networks

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Valmet DNA",
          "vendor": "Valmet DNA",
          "versions": [
            {
              "lessThan": "Collection 2021",
              "status": "affected",
              "version": "Collection 2012",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This bug was found by Ivan Speziale of Nozomi Networks"
        }
      ],
      "datePublic": "2022-02-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Information Exposure Through an Error Message",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-272",
              "description": "CWE-272 Least Privilege Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-16T15:15:12.000Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to Valmet DNA version Collection 2021"
        }
      ],
      "source": {
        "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
        "defect": [
          "NN_2021-0021"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Remote code execution in Valmet DNA before Collection 2021",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@nozominetworks.com",
          "DATE_PUBLIC": "2022-02-15T23:00:00.000Z",
          "ID": "CVE-2021-26726",
          "STATE": "PUBLIC",
          "TITLE": "Remote code execution in Valmet DNA before Collection 2021"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Valmet DNA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Collection 2012",
                            "version_value": "Collection 2021"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Valmet DNA"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This bug was found by Ivan Speziale of Nozomi Networks"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-305 Authentication Bypass by Primary Weakness"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-209 Information Exposure Through an Error Message"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-272 Least Privilege Violation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/",
              "refsource": "CONFIRM",
              "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
            },
            {
              "name": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/",
              "refsource": "MISC",
              "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to Valmet DNA version Collection 2021"
          }
        ],
        "source": {
          "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
          "defect": [
            "NN_2021-0021"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2021-26726",
    "datePublished": "2022-02-16T15:15:12.708Z",
    "dateReserved": "2021-02-05T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:36:09.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}