Details of VAR-202111-0149

ID

VAR-202111-0149

CVE

CVE-2021-42543

TITLE

DAQFactory Vulnerability in using inherently dangerous features in

Trust: 0.8

sources: JVNDB: JVNDB-2021-003934

DESCRIPTION

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. DAQFactory There are vulnerabilities in the use of inherently dangerous features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DAQFactory is a software and application development platform that provides various tools that allow you to easily create HMI/SCADA applications. DAQFactory 18.1 Build 2347 and earlier have security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2021-42543 // JVNDB: JVNDB-2021-003934 // CNVD: CNVD-2021-85895

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-85895

AFFECTED PRODUCTS

vendor:	azeotech	model:	daqfactory	scope:	eq	version:	18.1	Trust: 1.0
vendor:	azeotech	model:	daqfactory	scope:	lte	version:	18.1	Trust: 1.0
vendor:	azeotech	model:	daqfactory	scope:	eq	version:	-	Trust: 0.8
vendor:	azeotech	model:	daqfactory	scope:	-	version:	-	Trust: 0.8
vendor:	azeotech	model:	daqfactory build	scope:	lte	version:	<=18.12347	Trust: 0.6

sources: CNVD: CNVD-2021-85895 // JVNDB: JVNDB-2021-003934 // NVD: CVE-2021-42543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42543
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-42543
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-42543
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-85895
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202111-467
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-42543
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-85895
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42543
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-003934
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-85895 // JVNDB: JVNDB-2021-003934 // CNNVD: CNNVD-202111-467 // NVD: CVE-2021-42543 // NVD: CVE-2021-42543

PROBLEMTYPE DATA

problemtype:	CWE-242	Trust: 1.0
problemtype:	Use of inherently dangerous features (CWE-242) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003934 // NVD: CVE-2021-42543

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-467

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202111-467

PATCH

title:	Top Page	url:	https://www.azeotech.com/j/index.php	Trust: 0.8
title:	AzeoTech DAQFactory Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169057	Trust: 0.6

sources: JVNDB: JVNDB-2021-003934 // CNNVD: CNNVD-202111-467

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-21-308-02	Trust: 3.0
db:	NVD	id:	CVE-2021-42543	Trust: 3.0
db:	JVN	id:	JVNVU91156086	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-003934	Trust: 0.8
db:	CNVD	id:	CNVD-2021-85895	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3696	Trust: 0.6
db:	CS-HELP	id:	SB2021110801	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-467	Trust: 0.6

sources: CNVD: CNVD-2021-85895 // JVNDB: JVNDB-2021-003934 // CNNVD: CNNVD-202111-467 // NVD: CVE-2021-42543

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02	Trust: 3.0
url:	https://jvn.jp/vu/jvnvu91156086/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42543	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3696	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110801	Trust: 0.6

sources: CNVD: CNVD-2021-85895 // JVNDB: JVNDB-2021-003934 // CNNVD: CNNVD-202111-467 // NVD: CVE-2021-42543

SOURCES

db:	CNVD	id:	CNVD-2021-85895
db:	JVNDB	id:	JVNDB-2021-003934
db:	CNNVD	id:	CNNVD-202111-467
db:	NVD	id:	CVE-2021-42543

LAST UPDATE DATE

2024-11-23T22:10:58.667000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-85895	date:	2022-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-003934	date:	2021-11-10T09:12:00
db:	CNNVD	id:	CNNVD-202111-467	date:	2021-11-09T00:00:00
db:	NVD	id:	CVE-2021-42543	date:	2024-11-21T06:27:46.413

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-85895	date:	2021-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-003934	date:	2021-11-10T00:00:00
db:	CNNVD	id:	CNNVD-202111-467	date:	2021-11-05T00:00:00
db:	NVD	id:	CVE-2021-42543	date:	2021-11-05T16:15:07.757