Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for dna by valmet

    CVE-2025-15577 (GCVE-0-2025-15577)

    Vulnerability from nvd – Published: 2026-02-12 06:04 – Updated: 2026-02-16 13:29
    VLAI
    Title
    Valmet DNA Web server arbitrary file read access
    Summary
    An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Valmet Valmet DNA Web Tools Affected: 0 , ≤ C2022 (custom)
    Create a notification for this product.
    Date Public
    2026-02-11 15:03
    Credits
    Denis Samotuga
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-12T14:25:07.795529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-12T14:25:54.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Valmet DNA Web Tools",
              "vendor": "Valmet",
              "versions": [
                {
                  "lessThanOrEqual": "C2022",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Denis Samotuga"
            }
          ],
          "datePublic": "2026-02-11T15:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.\u003cp\u003eThis issue affects Valmet DNA Web Tools: C2022 and older.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/S:N/AU:Y/V:D/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:29:46.519Z",
            "orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
            "shortName": "NCSC-FI"
          },
          "references": [
            {
              "url": "https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Valmet DNA Web server arbitrary file read access",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
        "assignerShortName": "NCSC-FI",
        "cveId": "CVE-2025-15577",
        "datePublished": "2026-02-12T06:04:56.536Z",
        "dateReserved": "2026-02-11T07:10:54.573Z",
        "dateUpdated": "2026-02-16T13:29:46.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-26726 (GCVE-0-2021-26726)

    Vulnerability from nvd – Published: 2022-02-16 15:15 – Updated: 2024-09-17 00:36
    VLAI
    Title
    Remote code execution in Valmet DNA before Collection 2021
    Summary
    A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    • CWE-209 - Information Exposure Through an Error Message
    • CWE-272 - Least Privilege Violation
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Valmet DNA Valmet DNA Affected: Collection 2012 , < Collection 2021 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Credits
    This bug was found by Ivan Speziale of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:41.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Valmet DNA",
              "vendor": "Valmet DNA",
              "versions": [
                {
                  "lessThan": "Collection 2021",
                  "status": "affected",
                  "version": "Collection 2012",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This bug was found by Ivan Speziale of Nozomi Networks"
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Information Exposure Through an Error Message",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "CWE-272 Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T15:15:12.000Z",
            "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
            "shortName": "Nozomi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Valmet DNA version Collection 2021"
            }
          ],
          "source": {
            "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
            "defect": [
              "NN_2021-0021"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Remote code execution in Valmet DNA before Collection 2021",
          "workarounds": [
            {
              "lang": "en",
              "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@nozominetworks.com",
              "DATE_PUBLIC": "2022-02-15T23:00:00.000Z",
              "ID": "CVE-2021-26726",
              "STATE": "PUBLIC",
              "TITLE": "Remote code execution in Valmet DNA before Collection 2021"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Valmet DNA",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Collection 2012",
                                "version_value": "Collection 2021"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Valmet DNA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This bug was found by Ivan Speziale of Nozomi Networks"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-305 Authentication Bypass by Primary Weakness"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-209 Information Exposure Through an Error Message"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-272 Least Privilege Violation"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/",
                  "refsource": "CONFIRM",
                  "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
                },
                {
                  "name": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/",
                  "refsource": "MISC",
                  "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Valmet DNA version Collection 2021"
              }
            ],
            "source": {
              "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
              "defect": [
                "NN_2021-0021"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "assignerShortName": "Nozomi",
        "cveId": "CVE-2021-26726",
        "datePublished": "2022-02-16T15:15:12.708Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:09.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-15577 (GCVE-0-2025-15577)

    Vulnerability from cvelistv5 – Published: 2026-02-12 06:04 – Updated: 2026-02-16 13:29
    VLAI
    Title
    Valmet DNA Web server arbitrary file read access
    Summary
    An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Valmet Valmet DNA Web Tools Affected: 0 , ≤ C2022 (custom)
    Create a notification for this product.
    Date Public
    2026-02-11 15:03
    Credits
    Denis Samotuga
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15577",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-12T14:25:07.795529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-12T14:25:54.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Valmet DNA Web Tools",
              "vendor": "Valmet",
              "versions": [
                {
                  "lessThanOrEqual": "C2022",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Denis Samotuga"
            }
          ],
          "datePublic": "2026-02-11T15:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.\u003cp\u003eThis issue affects Valmet DNA Web Tools: C2022 and older.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/S:N/AU:Y/V:D/RE:M/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:29:46.519Z",
            "orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
            "shortName": "NCSC-FI"
          },
          "references": [
            {
              "url": "https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Valmet DNA Web server arbitrary file read access",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166",
        "assignerShortName": "NCSC-FI",
        "cveId": "CVE-2025-15577",
        "datePublished": "2026-02-12T06:04:56.536Z",
        "dateReserved": "2026-02-11T07:10:54.573Z",
        "dateUpdated": "2026-02-16T13:29:46.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-26726 (GCVE-0-2021-26726)

    Vulnerability from cvelistv5 – Published: 2022-02-16 15:15 – Updated: 2024-09-17 00:36
    VLAI
    Title
    Remote code execution in Valmet DNA before Collection 2021
    Summary
    A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    • CWE-209 - Information Exposure Through an Error Message
    • CWE-272 - Least Privilege Violation
    • CWE-78 - OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Valmet DNA Valmet DNA Affected: Collection 2012 , < Collection 2021 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Credits
    This bug was found by Ivan Speziale of Nozomi Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:41.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Valmet DNA",
              "vendor": "Valmet DNA",
              "versions": [
                {
                  "lessThan": "Collection 2021",
                  "status": "affected",
                  "version": "Collection 2012",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This bug was found by Ivan Speziale of Nozomi Networks"
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Information Exposure Through an Error Message",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "CWE-272 Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-16T15:15:12.000Z",
            "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
            "shortName": "Nozomi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Valmet DNA version Collection 2021"
            }
          ],
          "source": {
            "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
            "defect": [
              "NN_2021-0021"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Remote code execution in Valmet DNA before Collection 2021",
          "workarounds": [
            {
              "lang": "en",
              "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@nozominetworks.com",
              "DATE_PUBLIC": "2022-02-15T23:00:00.000Z",
              "ID": "CVE-2021-26726",
              "STATE": "PUBLIC",
              "TITLE": "Remote code execution in Valmet DNA before Collection 2021"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Valmet DNA",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Collection 2012",
                                "version_value": "Collection 2021"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Valmet DNA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This bug was found by Ivan Speziale of Nozomi Networks"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-305 Authentication Bypass by Primary Weakness"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-209 Information Exposure Through an Error Message"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-272 Least Privilege Violation"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/",
                  "refsource": "CONFIRM",
                  "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
                },
                {
                  "name": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/",
                  "refsource": "MISC",
                  "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Valmet DNA version Collection 2021"
              }
            ],
            "source": {
              "advisory": "https://security.nozominetworks.com/NN-2021:2-01",
              "defect": [
                "NN_2021-0021"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "assignerShortName": "Nozomi",
        "cveId": "CVE-2021-26726",
        "datePublished": "2022-02-16T15:15:12.708Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:09.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }