ID

VAR-202111-0013


CVE

CVE-2021-42699


TITLE

DAQFactory Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-003936

DESCRIPTION

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. DAQFactory contains a vulnerability in the transmission of important information in clear text. Information may be obtained. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications. A plaintext transmission vulnerability exists in DAQFactory 18.1 Build 2347 and earlier.

Trust: 2.16

sources: NVD: CVE-2021-42699 // JVNDB: JVNDB-2021-003936 // CNVD: CNVD-2021-85893

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-85893

AFFECTED PRODUCTS

vendor: azeotech, model: daqfactory, scope: eq, version: 18.1

Trust: 1.0

vendor: azeotech, model: daqfactory, scope: lte, version: 18.1

Trust: 1.0

vendor: azeotech, model: daqfactory, scope: eq, version: -

Trust: 0.8

vendor: azeotech, model: daqfactory, scope: -, version: -

Trust: 0.8

vendor: azeotech, model: daqfactory build, scope: lte, version: <=18.12347

Trust: 0.6

sources: CNVD: CNVD-2021-85893 // JVNDB: JVNDB-2021-003936 // NVD: CVE-2021-42699

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-42699
value: MEDIUM

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2021-42699
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2021-85893
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-469
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-42699
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-85893
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov:
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-42699
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-85893 // JVNDB: JVNDB-2021-003936 // NVD: CVE-2021-42699 // NVD: CVE-2021-42699 // CNNVD: CNNVD-202111-469

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003936 // NVD: CVE-2021-42699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-469

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202111-469

CONFIGURATIONS

sources: NVD: CVE-2021-42699

PATCH

title: Top Page, url: https://www.azeotech.com/j/index.php

Trust: 0.8

title: AzeoTech DAQFactory Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169059

Trust: 0.6

sources: JVNDB: JVNDB-2021-003936 // CNNVD: CNNVD-202111-469

EXTERNAL IDS

db: ICS CERT, id: ICSA-21-308-02

Trust: 3.0

db: NVD, id: CVE-2021-42699

Trust: 3.0

db: JVN, id: JVNVU91156086

Trust: 0.8

db: JVNDB, id: JVNDB-2021-003936

Trust: 0.8

db: CNVD, id: CNVD-2021-85893

Trust: 0.6

db: AUSCERT, id: ESB-2021.3696

Trust: 0.6

db: CS-HELP, id: SB2021110801

Trust: 0.6

db: CNNVD, id: CNNVD-202111-469

Trust: 0.6

sources: CNVD: CNVD-2021-85893 // JVNDB: JVNDB-2021-003936 // NVD: CVE-2021-42699 // CNNVD: CNNVD-202111-469

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02

Trust: 3.0

url:https://jvn.jp/vu/jvnvu91156086/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-42699

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.3696

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110801

Trust: 0.6

sources: CNVD: CNVD-2021-85893 // JVNDB: JVNDB-2021-003936 // NVD: CVE-2021-42699 // CNNVD: CNNVD-202111-469

SOURCES

db: CNVD, id: CNVD-2021-85893
db: JVNDB, id: JVNDB-2021-003936
db: NVD, id: CVE-2021-42699
db: CNNVD, id: CNNVD-202111-469

LAST UPDATE DATE

2023-12-18T13:22:41.470000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-85893, date: 2022-01-18T00:00:00
db: JVNDB, id: JVNDB-2021-003936, date: 2021-11-10T09:12:00
db: NVD, id: CVE-2021-42699, date: 2021-11-09T14:35:52.460
db: CNNVD, id: CNNVD-202111-469, date: 2021-11-10T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-85893, date: 2021-11-10T00:00:00
db: JVNDB, id: JVNDB-2021-003936, date: 2021-11-10T00:00:00
db: NVD, id: CVE-2021-42699, date: 2021-11-05T16:15:07.883
db: CNNVD, id: CNNVD-202111-469, date: 2021-11-05T00:00:00