CVE-2021-22682

Published: Apr 23, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.

Affected (5)

Products: Hornerautomation: Cscape

Hornerautomation

1 product

Cscape

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hornerautomation Cscape	Before 9.90
Hornerautomation Cscape	Version 9.90
Hornerautomation Cscape	Version 9.90 sp1
Hornerautomation Cscape	Version 9.90 sp2
Hornerautomation Cscape	Version 9.90 sp3

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.