Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-32979 (GCVE-0-2021-32979)
Vulnerability from cvelistv5 – Published: 2021-09-23 13:32 – Updated: 2024-09-16 20:51
VLAI
EPSS
Title
AVEVA SuiteLink Server Null Pointer Dereference
Summary
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
Severity
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.aveva.com/content/dam/aveva/documents… | x_refsource_CONFIRM |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AVEVA Software, LLC | AVEVA System Platform 2020 |
Affected:
unspecified , ≤ R2 P01
(custom)
|
|
| AVEVA Software, LLC | AVEVA InTouch 2020 |
Affected:
unspecified , ≤ R2 P01
(custom)
|
|
| AVEVA Software, LLC | AVEVA Historian 2020 |
Affected:
unspecified , ≤ R2 P01
(custom)
|
|
| AVEVA Software, LLC | AVEVA Communication Drivers Pack 2020 |
Affected:
unspecified , ≤ R2
(custom)
|
|
| AVEVA Software, LLC | AVEVA Batch Management 2020 |
Affected:
unspecified , ≤ 2020
(custom)
|
|
| AVEVA Software, LLC | AVEVA MES 2014 |
Affected:
unspecified , ≤ R2
(custom)
|
Date Public
2021-08-19 00:00
Credits
Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AVEVA System Platform 2020",
"vendor": "AVEVA Software, LLC",
"versions": [
{
"lessThanOrEqual": "R2 P01",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AVEVA InTouch 2020",
"vendor": "AVEVA Software, LLC",
"versions": [
{
"lessThanOrEqual": "R2 P01",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AVEVA Historian 2020",
"vendor": "AVEVA Software, LLC",
"versions": [
{
"lessThanOrEqual": "R2 P01",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AVEVA Communication Drivers Pack 2020",
"vendor": "AVEVA Software, LLC",
"versions": [
{
"lessThanOrEqual": "R2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AVEVA Batch Management 2020",
"vendor": "AVEVA Software, LLC",
"versions": [
{
"lessThanOrEqual": "2020",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "AVEVA MES 2014",
"vendor": "AVEVA Software, LLC",
"versions": [
{
"lessThanOrEqual": "R2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA"
}
],
"datePublic": "2021-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T13:32:59.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "AVEVA recommends organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\nUsers with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.\n\nPlease see AVEVA security bulletin AVEVA-2021-003 for more information."
}
],
"source": {
"advisory": "ICSA-21-231-01",
"discovery": "UNKNOWN"
},
"title": "AVEVA SuiteLink Server Null Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-19T15:00:00.000Z",
"ID": "CVE-2021-32979",
"STATE": "PUBLIC",
"TITLE": "AVEVA SuiteLink Server Null Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AVEVA System Platform 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2 P01"
}
]
}
},
{
"product_name": "AVEVA InTouch 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2 P01"
}
]
}
},
{
"product_name": "AVEVA Historian 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2 P01"
}
]
}
},
{
"product_name": "AVEVA Communication Drivers Pack 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2"
}
]
}
},
{
"product_name": "AVEVA Batch Management 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2020"
}
]
}
},
{
"product_name": "AVEVA MES 2014",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2"
}
]
}
}
]
},
"vendor_name": "AVEVA Software, LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf",
"refsource": "CONFIRM",
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "AVEVA recommends organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\nUsers with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.\n\nPlease see AVEVA security bulletin AVEVA-2021-003 for more information."
}
],
"source": {
"advisory": "ICSA-21-231-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32979",
"datePublished": "2021-09-23T13:32:59.908Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:51:41.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-32979",
"date": "2026-06-09",
"epss": "0.00458",
"percentile": "0.64364"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-32979\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-09-23T14:15:07.713\",\"lastModified\":\"2024-11-21T06:08:03.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a\"},{\"lang\":\"es\",\"value\":\"Una desreferencia de puntero null en SuiteLink server mientras se procesan los comandos 0x04/0x0a\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.002\",\"matchCriteriaId\":\"1F95AB71-FFFE-4BF7-94C4-992D356C1359\"}]}]}],\"references\":[{\"url\":\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2021-32979
Vulnerability from fkie_nvd - Published: 2021-09-23 14:15 - Updated: 2024-11-21 06:08
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F95AB71-FFFE-4BF7-94C4-992D356C1359",
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a"
},
{
"lang": "es",
"value": "Una desreferencia de puntero null en SuiteLink server mientras se procesan los comandos 0x04/0x0a"
}
],
"id": "CVE-2021-32979",
"lastModified": "2024-11-21T06:08:03.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T14:15:07.713",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
GHSA-PR4X-XMGG-HG68
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
{
"affected": [],
"aliases": [
"CVE-2021-32979"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T14:15:00Z",
"severity": "HIGH"
},
"details": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a",
"id": "GHSA-pr4x-xmgg-hg68",
"modified": "2022-05-24T19:15:33Z",
"published": "2022-05-24T19:15:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32979"
},
{
"type": "WEB",
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2021-32979
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-32979",
"description": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a",
"id": "GSD-2021-32979"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-32979"
],
"details": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a",
"id": "GSD-2021-32979",
"modified": "2023-12-13T01:23:08.736031Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-19T15:00:00.000Z",
"ID": "CVE-2021-32979",
"STATE": "PUBLIC",
"TITLE": "AVEVA SuiteLink Server Null Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AVEVA System Platform 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2 P01"
}
]
}
},
{
"product_name": "AVEVA InTouch 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2 P01"
}
]
}
},
{
"product_name": "AVEVA Historian 2020 ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2 P01"
}
]
}
},
{
"product_name": "AVEVA Communication Drivers Pack 2020 ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2"
}
]
}
},
{
"product_name": "AVEVA Batch Management 2020",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2020"
}
]
}
},
{
"product_name": "AVEVA MES 2014",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "R2"
}
]
}
}
]
},
"vendor_name": "AVEVA Software, LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf",
"refsource": "CONFIRM",
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "AVEVA recommends organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\nUsers with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.\n\nPlease see AVEVA security bulletin AVEVA-2021-003 for more information."
}
],
"source": {
"advisory": "ICSA-21-231-01",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:suitelink:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.002",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32979"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-10-01T18:55Z",
"publishedDate": "2021-09-23T14:15Z"
}
}
}
ICSA-21-231-01
Vulnerability from csaf_cisa - Published: 2021-08-19 00:00 - Updated: 2021-08-19 00:00Summary
ICSA-21-231-01_AVEVA SuiteLink Server
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary: Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.
Exploitability: No known public exploits specifically target these vulnerabilities.
8.1 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AVEVA MES: 2014 R2 and all prior versions
AVEVA Software, LLC / AVEVA MES
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Batch Management: 2020 and all prior versions
AVEVA Software, LLC / AVEVA Batch Management
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA InTouch: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA InTouch
|
<= 2020 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Communication Drivers Pack: 2020 R2 and all prior versions
AVEVA Software, LLC / AVEVA Communication Drivers Pack
|
<= 2020 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA System Platform: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA System Platform
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Data Acquisition Servers: all versions
AVEVA Software, LLC / AVEVA Data Acquisition Servers
|
vers:all/* |
Mitigation
Mitigation
fix
|
|
|
AVEVA Historian: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA Historian
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Operations Integration Core: 3.0 and all prior versions
AVEVA Software, LLC / AVEVA Operations Integration Core
|
3.0 and < |
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AVEVA MES: 2014 R2 and all prior versions
AVEVA Software, LLC / AVEVA MES
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Batch Management: 2020 and all prior versions
AVEVA Software, LLC / AVEVA Batch Management
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA InTouch: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA InTouch
|
<= 2020 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Communication Drivers Pack: 2020 R2 and all prior versions
AVEVA Software, LLC / AVEVA Communication Drivers Pack
|
<= 2020 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA System Platform: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA System Platform
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Data Acquisition Servers: all versions
AVEVA Software, LLC / AVEVA Data Acquisition Servers
|
vers:all/* |
Mitigation
Mitigation
fix
|
|
|
AVEVA Historian: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA Historian
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Operations Integration Core: 3.0 and all prior versions
AVEVA Software, LLC / AVEVA Operations Integration Core
|
3.0 and < |
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AVEVA MES: 2014 R2 and all prior versions
AVEVA Software, LLC / AVEVA MES
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Batch Management: 2020 and all prior versions
AVEVA Software, LLC / AVEVA Batch Management
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA InTouch: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA InTouch
|
<= 2020 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Communication Drivers Pack: 2020 R2 and all prior versions
AVEVA Software, LLC / AVEVA Communication Drivers Pack
|
<= 2020 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA System Platform: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA System Platform
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Data Acquisition Servers: all versions
AVEVA Software, LLC / AVEVA Data Acquisition Servers
|
vers:all/* |
Mitigation
Mitigation
fix
|
|
|
AVEVA Historian: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA Historian
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Operations Integration Core: 3.0 and all prior versions
AVEVA Software, LLC / AVEVA Operations Integration Core
|
3.0 and < |
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AVEVA MES: 2014 R2 and all prior versions
AVEVA Software, LLC / AVEVA MES
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Batch Management: 2020 and all prior versions
AVEVA Software, LLC / AVEVA Batch Management
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA InTouch: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA InTouch
|
<= 2020 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Communication Drivers Pack: 2020 R2 and all prior versions
AVEVA Software, LLC / AVEVA Communication Drivers Pack
|
<= 2020 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA System Platform: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA System Platform
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Data Acquisition Servers: all versions
AVEVA Software, LLC / AVEVA Data Acquisition Servers
|
vers:all/* |
Mitigation
Mitigation
fix
|
|
|
AVEVA Historian: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA Historian
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Operations Integration Core: 3.0 and all prior versions
AVEVA Software, LLC / AVEVA Operations Integration Core
|
3.0 and < |
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AVEVA MES: 2014 R2 and all prior versions
AVEVA Software, LLC / AVEVA MES
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Batch Management: 2020 and all prior versions
AVEVA Software, LLC / AVEVA Batch Management
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA InTouch: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA InTouch
|
<= 2020 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Communication Drivers Pack: 2020 R2 and all prior versions
AVEVA Software, LLC / AVEVA Communication Drivers Pack
|
<= 2020 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA System Platform: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA System Platform
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Data Acquisition Servers: all versions
AVEVA Software, LLC / AVEVA Data Acquisition Servers
|
vers:all/* |
Mitigation
Mitigation
fix
|
|
|
AVEVA Historian: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA Historian
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Operations Integration Core: 3.0 and all prior versions
AVEVA Software, LLC / AVEVA Operations Integration Core
|
3.0 and < |
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AVEVA MES: 2014 R2 and all prior versions
AVEVA Software, LLC / AVEVA MES
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Batch Management: 2020 and all prior versions
AVEVA Software, LLC / AVEVA Batch Management
|
< 2014 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA InTouch: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA InTouch
|
<= 2020 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Communication Drivers Pack: 2020 R2 and all prior versions
AVEVA Software, LLC / AVEVA Communication Drivers Pack
|
<= 2020 R2 |
Mitigation
Mitigation
fix
|
|
|
AVEVA System Platform: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA System Platform
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Data Acquisition Servers: all versions
AVEVA Software, LLC / AVEVA Data Acquisition Servers
|
vers:all/* |
Mitigation
Mitigation
fix
|
|
|
AVEVA Historian: 2020 R2 P01 and all prior versions
AVEVA Software, LLC / AVEVA Historian
|
<= 2020 R2 P01 |
Mitigation
Mitigation
fix
|
|
|
AVEVA Operations Integration Core: 3.0 and all prior versions
AVEVA Software, LLC / AVEVA Operations Integration Core
|
3.0 and < |
Mitigation
Mitigation
fix
|
References
Acknowledgments
Claroty
Sharon Brizinov
{
"document": {
"acknowledgments": [
{
"names": [
"Sharon Brizinov"
],
"organization": "Claroty",
"summary": "reporting these vulnerabilities to AVEVA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-231-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-231-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-231-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-231-01"
}
],
"title": "ICSA-21-231-01_AVEVA SuiteLink Server",
"tracking": {
"current_release_date": "2021-08-19T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-21-231-01",
"initial_release_date": "2021-08-19T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-08-19T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-231-01 AVEVA SuiteLink Server"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2014 R2",
"product": {
"name": "AVEVA MES: 2014 R2 and all prior versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "AVEVA MES"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2014 R2",
"product": {
"name": "AVEVA Batch Management: 2020 and all prior versions",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "AVEVA Batch Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2020",
"product": {
"name": "AVEVA InTouch: 2020 R2 P01 and all prior versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "AVEVA InTouch"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2020 R2",
"product": {
"name": "AVEVA Communication Drivers Pack: 2020 R2 and all prior versions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "AVEVA Communication Drivers Pack"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2020 R2 P01",
"product": {
"name": "AVEVA System Platform: 2020 R2 P01 and all prior versions",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "AVEVA System Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "AVEVA Data Acquisition Servers: all versions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "AVEVA Data Acquisition Servers"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 2020 R2 P01",
"product": {
"name": "AVEVA Historian: 2020 R2 P01 and all prior versions",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "AVEVA Historian"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3.0 and \u003c",
"product": {
"name": "AVEVA Operations Integration Core: 3.0 and all prior versions",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "AVEVA Operations Integration Core"
}
],
"category": "vendor",
"name": "AVEVA Software, LLC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32959",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06CVE-2021-32959 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Please see AVEVA security bulletin AVEVA-2021-003 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2021-32959"
},
{
"cve": "CVE-2021-32963",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Null pointer dereference in SuiteLink server while processing commands 0x03/0x10CVE-2021-32963 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Please see AVEVA security bulletin AVEVA-2021-003 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2021-32963"
},
{
"cve": "CVE-2021-32979",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0aCVE-2021-32979 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Please see AVEVA security bulletin AVEVA-2021-003 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2021-32979"
},
{
"cve": "CVE-2021-32971",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Null pointer dereference in SuiteLink server while processing command 0x07CVE-2021-32971 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Please see AVEVA security bulletin AVEVA-2021-003 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2021-32971"
},
{
"cve": "CVE-2021-32987",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Null pointer dereference in SuiteLink server while processing command 0x0bCVE-2021-32987 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Please see AVEVA security bulletin AVEVA-2021-003 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2021-32987"
},
{
"cve": "CVE-2021-32999",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Improper handling of exceptional conditions in SuiteLink server while processing command 0x01CVE-2021-32999 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Users with affected versions of these products should apply the corresponding security update. Note a subset of the updates requires activation-based licensing.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Please see AVEVA security bulletin AVEVA-2021-003 for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2021-32999"
}
]
}
VAR-202109-0591
Vulnerability from variot - Updated: 2024-08-14 13:53Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "lt",
"trust": 1.0,
"vendor": "aveva",
"version": "3.2.002"
},
{
"model": "batch management",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "operations integration",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "data acquisition servers",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "communication drivers pack",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "mes",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "historian",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
},
{
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "aveva",
"version": "2020 r2 p01 and all previous s"
},
{
"model": "system platform",
"scope": null,
"trust": 0.8,
"vendor": "aveva",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sharon Brizinov of Claroty reported these vulnerabilities to AVEVA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
],
"trust": 0.6
},
"cve": "CVE-2021-32979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32979",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-32979",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002284",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-32979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002284",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1665",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 \u2025 * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 \u2025 * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 \u2025 * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "VULMON",
"id": "CVE-2021-32979"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32979",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-21-231-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU92695780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2822",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32979",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"id": "VAR-202109-0591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20625000500000001
},
"last_update_date": "2024-08-14T13:53:55.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY\u00a0BULLETIN\u00a0AVEVA-2021-003",
"trust": 0.8,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf"
},
{
"title": "Aveva SuiteLink Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164628"
},
{
"title": "CVE-2021-32979",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2021-32979 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ Other ]",
"trust": 0.8
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Improper handling in exceptional conditions (CWE-755) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/securitybulletin_aveva-2021-003.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-231-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92695780/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-32979"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
},
{
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"date": "2021-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1665"
},
{
"date": "2021-09-23T14:15:07.713000",
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32979"
},
{
"date": "2021-08-23T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-002284"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1665"
},
{
"date": "2021-10-01T18:55:51.547000",
"db": "NVD",
"id": "CVE-2021-32979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AVEVA\u00a0 Made \u00a0SuiteLink\u00a0Server\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1665"
}
],
"trust": 0.6
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…