exploitDog

CVE-2021-37184

Опубликовано: 14 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*

Версия до 1.3 (исключая)

EPSS

Процентиль: 66%

0.00517

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-x36w-m8p6-4mc4

github

больше 3 лет назад

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.

EPSS

Процентиль: 66%

0.00517

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-639