ICSA-21-257-21 — Vulnetix

ICSA-21-257-21 PUBLISHED CVSS 9.800000190734863 CRITICAL

Successful exploitation of this vulnerability could allow an unauthenticated attacker to change the password of any user in the system resulting in the attacker being able to impersonate any valid user on the affected system.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	Industrial Edge Management: All versions prior to v1.3

Timeline

Sep 14, 2021 CVE Published

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-257-21.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-21-257-21 advisory
https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01 url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B url
https://iehub.eu1.edge.siemens.cloud/ fix

Open in Interactive Console →