exploitDog

CVE-2021-33210

Опубликовано: 03 нояб. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.

Ссылки

https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p
Vendor Advisory
https://twitter.com/FIMERspa
Third Party Advisory
https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p
Vendor Advisory
https://twitter.com/FIMERspa
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fimer:aurora_vision:*:*:*:*:*:*:*:*

Версия до 2.97.10 (исключая)

EPSS

Процентиль: 41%

0.00188

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-cqvg-wfh9-39xv

github

больше 3 лет назад

An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.

EPSS

Процентиль: 41%

0.00188

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-287