CVE-2021-42833

Опубликовано: 07 фев. 2022

Источник: nvd

CVSS3: 9.3

CVSS3: 8.8

CVSS2: 4.6

EPSS Низкий

Описание

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01
Third Party Advisory
US Government Resource
https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf
Mitigation
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01
Third Party Advisory
US Government Resource
https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xylem:aquaview:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 8.0.1 (исключая)

cpe:2.3:a:xylem:aquaview:1.60:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

9.3 Critical

CVSS3

8.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-3jx4-rw6p-82pp

github

почти 4 года назад

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings.

EPSS

Процентиль: 11%

0.00038

Низкий

9.3 Critical

CVSS3

8.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-798