CVE-2021-33008

Published: Apr 4, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.

Affected (4)

Products: Aveva: System Platform

1 product

System Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Aveva System Platform	From 2017 to 2020
Aveva System Platform	Version 2020
Aveva System Platform	Version 2020 r2
Aveva System Platform	Version 2020 r2_p01

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf

Source: ics-cert@hq.dhs.gov

Vendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.