ID

VAR-202106-1515


CVE

CVE-2021-33842


TITLE

Circutor SGE-PLC1000 Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008130

DESCRIPTION

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the affected device is located. An authentication vulnerability exists in the Circutor SGE-PLC1000 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Circutor SGE-PLC1000 is a smart metering system device. Its main function is to manage mains power through CIRWATT meters or other meters using PRIME technology. The Circutor SGE-PLC1000 firmware version 0.9.2b has an authorization issue vulnerability.

Trust: 2.16

sources: NVD: CVE-2021-33842 // JVNDB: JVNDB-2021-008130 // CNVD: CNVD-2021-61768

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61768

AFFECTED PRODUCTS

vendor: circutor, model: sge-plc1000, scope: eq, version: 0.9.2b

Trust: 1.0

vendor: circutor, model: sge-plc1000, scope: eq, version: sge-plc1000 firmware 0.9.2b

Trust: 0.8

vendor: circutor, model: sge-plc1000, scope: eq, version: -

Trust: 0.8

vendor: circutor, model: sge-plc1000 0.9.2b, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-61768 // JVNDB: JVNDB-2021-008130 // NVD: CVE-2021-33842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33842
value: HIGH

Trust: 1.0

cve-coordination@incibe.es: CVE-2021-33842
value: HIGH

Trust: 1.0

NVD: CVE-2021-33842
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-61768
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-728
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-33842
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-61768
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-33842
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-33842
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61768 // JVNDB: JVNDB-2021-008130 // CNNVD: CNNVD-202106-728 // NVD: CVE-2021-33842 // NVD: CVE-2021-33842

PROBLEMTYPE DATA

problemtype:CWE-565

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008130 // NVD: CVE-2021-33842

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-728

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-728

PATCH

title: Top Page, url: http://circutor.com/en

Trust: 0.8

sources: JVNDB: JVNDB-2021-008130

EXTERNAL IDS

db: NVD, id: CVE-2021-33842

Trust: 3.8

db: JVNDB, id: JVNDB-2021-008130

Trust: 0.8

db: CNVD, id: CNVD-2021-61768

Trust: 0.6

db: CNNVD, id: CNNVD-202106-728

Trust: 0.6

sources: CNVD: CNVD-2021-61768 // JVNDB: JVNDB-2021-008130 // CNNVD: CNNVD-202106-728 // NVD: CVE-2021-33842

REFERENCES

url:https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication

Trust: 2.0

url:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-33842

Trust: 0.8

sources: CNVD: CNVD-2021-61768 // JVNDB: JVNDB-2021-008130 // CNNVD: CNNVD-202106-728 // NVD: CVE-2021-33842

SOURCES

db: CNVD, id: CNVD-2021-61768
db: JVNDB, id: JVNDB-2021-008130
db: CNNVD, id: CNNVD-202106-728
db: NVD, id: CVE-2021-33842

LAST UPDATE DATE

2024-08-14T15:33:07.412000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-61768, date: 2021-08-13T00:00:00
db: JVNDB, id: JVNDB-2021-008130, date: 2022-03-04T07:19:00
db: CNNVD, id: CNNVD-202106-728, date: 2022-10-26T00:00:00
db: NVD, id: CVE-2021-33842, date: 2023-11-23T14:15:07.440

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-61768, date: 2021-08-13T00:00:00
db: JVNDB, id: JVNDB-2021-008130, date: 2022-03-04T00:00:00
db: CNNVD, id: CNNVD-202106-728, date: 2021-06-09T00:00:00
db: NVD, id: CVE-2021-33842, date: 2021-06-09T12:15:07.957