← Voltar para CVEs
CVE-2021-32986
CRITICAL9.8
Descricao
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/4/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
automationdirect:c0-10are-dautomationdirect:c0-10are-d_firmwareautomationdirect:c0-10dd1e-dautomationdirect:c0-10dd1e-d_firmwareautomationdirect:c0-10dd2e-dautomationdirect:c0-10dd2e-d_firmwareautomationdirect:c0-10dre-dautomationdirect:c0-10dre-d_firmwareautomationdirect:c0-11are-dautomationdirect:c0-11are-d_firmwareautomationdirect:c0-11dd1e-dautomationdirect:c0-11dd1e-d_firmwareautomationdirect:c0-11dd2e-dautomationdirect:c0-11dd2e-d_firmwareautomationdirect:c0-11dre-dautomationdirect:c0-11dre-d_firmwareautomationdirect:c0-12are-1-dautomationdirect:c0-12are-1-d_firmwareautomationdirect:c0-12are-2-dautomationdirect:c0-12are-2-d_firmwareautomationdirect:c0-12are-dautomationdirect:c0-12are-d_firmwareautomationdirect:c0-12dd1e-1-dautomationdirect:c0-12dd1e-1-d_firmwareautomationdirect:c0-12dd1e-2-dautomationdirect:c0-12dd1e-2-d_firmwareautomationdirect:c0-12dd1e-dautomationdirect:c0-12dd1e-d_firmwareautomationdirect:c0-12dd2e-1-dautomationdirect:c0-12dd2e-1-d_firmwareautomationdirect:c0-12dd2e-2-dautomationdirect:c0-12dd2e-2-d_firmwareautomationdirect:c0-12dd2e-dautomationdirect:c0-12dd2e-d_firmwareautomationdirect:c0-12dre-1-dautomationdirect:c0-12dre-1-d_firmwareautomationdirect:c0-12dre-2-dautomationdirect:c0-12dre-2-d_firmwareautomationdirect:c0-12dre-dautomationdirect:c0-12dre-d_firmware
Fraquezas (CWE)
CWE-288CWE-863
Referencias
https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02(ics-cert@hq.dhs.gov)
https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.