ID

VAR-202106-1514


CVE

CVE-2021-33841


TITLE

Circutor SGE-PLC1000 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-61767 // CNNVD: CNNVD-202106-727

DESCRIPTION

The SGE-PLC1000 device, in firmware version 0.9.2b, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. The SGE-PLC1000 device has an OS command injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Circutor SGE-PLC1000 is smart metering system equipment. Its main function is to manage mains power through CIRWATT meters or other meters using PRIME technology. There is an operating system command injection vulnerability in the Circutor SGE-PLC1000 0.9.2b firmware version.

Trust: 2.25

sources: NVD: CVE-2021-33841 // JVNDB: JVNDB-2021-008129 // CNVD: CNVD-2021-61767 // VULMON: CVE-2021-33841

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61767

AFFECTED PRODUCTS

vendor: circutor, model: sge-plc1000, scope: eq, version: 0.9.2b

Trust: 1.0

vendor: circutor, model: sge-plc1000, scope: eq, version: sge-plc1000 firmware 0.9.2b

Trust: 0.8

vendor: circutor, model: sge-plc1000, scope: eq, version: -

Trust: 0.8

vendor: circutor, model: sge-plc1000 0.9.2b, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-61767 // JVNDB: JVNDB-2021-008129 // NVD: CVE-2021-33841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33841
value: CRITICAL

Trust: 1.0

cve-coordination@incibe.es: CVE-2021-33841
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-33841
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-61767
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-727
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-33841
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-33841
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-61767
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-33841
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve-coordination@incibe.es: CVE-2021-33841
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-33841
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61767 // VULMON: CVE-2021-33841 // JVNDB: JVNDB-2021-008129 // CNNVD: CNNVD-202106-727 // NVD: CVE-2021-33841 // NVD: CVE-2021-33841

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008129 // NVD: CVE-2021-33841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-727

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202106-727

PATCH

title: Top Page, url: http://circutor.com/en

Trust: 0.8

title: Patch for Circutor SGE-PLC1000 operating system command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/285731

Trust: 0.6

title: Circutor SGE-PLC1000 Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154898

Trust: 0.6

sources: CNVD: CNVD-2021-61767 // JVNDB: JVNDB-2021-008129 // CNNVD: CNNVD-202106-727

EXTERNAL IDS

db: NVD, id: CVE-2021-33841

Trust: 3.9

db: JVNDB, id: JVNDB-2021-008129

Trust: 0.8

db: CNVD, id: CNVD-2021-61767

Trust: 0.6

db: CNNVD, id: CNNVD-202106-727

Trust: 0.6

db: VULMON, id: CVE-2021-33841

Trust: 0.1

sources: CNVD: CNVD-2021-61767 // VULMON: CVE-2021-33841 // JVNDB: JVNDB-2021-008129 // CNNVD: CNNVD-202106-727 // NVD: CVE-2021-33841

REFERENCES

url: https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-os-command-injection

Trust: 2.1

url: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-os-command-injection

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2021-33841

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-61767 // VULMON: CVE-2021-33841 // JVNDB: JVNDB-2021-008129 // CNNVD: CNNVD-202106-727 // NVD: CVE-2021-33841

SOURCES

db: CNVD, id: CNVD-2021-61767
db: VULMON, id: CVE-2021-33841
db: JVNDB, id: JVNDB-2021-008129
db: CNNVD, id: CNNVD-202106-727
db: NVD, id: CVE-2021-33841

LAST UPDATE DATE

2024-08-14T13:43:28.147000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-61767, date: 2021-08-13T00:00:00
db: VULMON, id: CVE-2021-33841, date: 2021-06-21T00:00:00
db: JVNDB, id: JVNDB-2021-008129, date: 2022-03-04T07:19:00
db: CNNVD, id: CNNVD-202106-727, date: 2021-06-28T00:00:00
db: NVD, id: CVE-2021-33841, date: 2023-11-22T13:15:07.610

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-61767, date: 2021-08-13T00:00:00
db: VULMON, id: CVE-2021-33841, date: 2021-06-09T00:00:00
db: JVNDB, id: JVNDB-2021-008129, date: 2022-03-04T00:00:00
db: CNNVD, id: CNNVD-202106-727, date: 2021-06-09T00:00:00
db: NVD, id: CVE-2021-33841, date: 2021-06-09T12:15:07.893