CVE-2021-32942

Опубликовано: 09 июн. 2021

Источник: nvd

CVSS3: 6.6

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03
Patch
Third Party Advisory
US Government Resource
https://www.aveva.com/en/support/cyber-security-updates/
Patch
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03
Patch
Third Party Advisory
US Government Resource
https://www.aveva.com/en/support/cyber-security-updates/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:aveva:intouch_2017:-:update3:*:*:*:*:*:*

cpe:2.3:a:aveva:intouch_2020:-:*:*:*:*:*:*:*

cpe:2.3:a:aveva:intouch_2020:r2:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

6.6 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-316

CWE-312

Связанные уязвимости

GHSA-jfgv-77w2-93rx

CVSS3: 5.5

github

больше 3 лет назад

EPSS

Процентиль: 8%

0.00029

Низкий

6.6 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-316

CWE-312