CVE-2021-33842

Published: Jun 9, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.

Affected (1)

Products: Circutor: Sge Plc1000 Firmware

1 product

Sge Plc1000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Circutor Sge Plc1000 Firmware	Version 0.9.2b

Running on/with	Platform Versions
Circutor Sge Plc1000	All versions

Related CWEs

Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

Source: cve-coordination@incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.