CVE-2021-27452 - Vulnerability Details - OpenCVE

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Mu320e Mu320e Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ge:mu320e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:mu320e:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2021-03-25T19:23:55

Updated: 2024-08-03T20:48:17.284Z

Reserved: 2021-02-19T00:00:00

Link: CVE-2021-27452

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-25T20:15:13.227

Modified: 2024-11-21T05:58:01.053

Link: CVE-2021-27452

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MU320E", "vendor": "n/a", "versions": [{"status": "affected", "version": "All firmware versions prior to v04A00.1"}]}], "descriptions": [{"lang": "en", "value": "The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "USE OF HARD-CODED PASSWORD CWE-259", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-25T19:23:55", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MU320E", "version": {"version_data": [{"version_value": "All firmware versions prior to v04A00.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE OF HARD-CODED PASSWORD CWE-259"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:17.284Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27452", "datePublished": "2021-03-25T19:23:55", "dateReserved": "2021-02-19T00:00:00", "dateUpdated": "2024-08-03T20:48:17.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:mu320e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2B7FF17-31E3-4B8F-B1BE-DF91D6A0E654", "versionEndExcluding": "04a00.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:mu320e:-:*:*:*:*:*:*:*", "matchCriteriaId": "929DAA0C-CE27-4EE4-BD2A-14C55E3B4CEB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1)."}, {"lang": "es", "value": "El software contiene una contrase\u00f1a embebida que podr\u00eda permitir a un atacante tomar el control de la unidad de fusi\u00f3n usando estas credenciales embebidas en el MU320E (todas las versiones de firmware anteriores a v04A00.1)"}], "id": "CVE-2021-27452", "lastModified": "2024-11-21T05:58:01.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-25T20:15:13.227", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}