CVE-2021-32942 - OpenCVE

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Aveva	Intouch 2017 Intouch 2020

Configuration 1 [-]

OR	cpe:2.3:a:aveva:intouch_2017:-:update3::::::
	cpe:2.3:a:aveva:intouch_2020:-:::::::*
	cpe:2.3:a:aveva:intouch_2020:r2:::::::*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03	Patch Third Party Advisory US Government Resource
https://www.aveva.com/en/support/cyber-security-updates/	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2021-06-08T00:00:00

Updated: 2021-06-09T16:06:26

Reserved: 2021-05-13T00:00:00

Link: CVE-2021-32942

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-09T17:15:07.737

Modified: 2022-10-25T19:38:40.993

Link: CVE-2021-32942

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "InTouch", "vendor": "AVEVA", "versions": [{"lessThanOrEqual": "2020 R2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA."}], "datePublic": "2021-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-316", "description": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN MEMORY CWE-316", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-09T16:06:26", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03"}, {"tags": ["x_refsource_MISC"], "url": "https://www.aveva.com/en/support/cyber-security-updates/"}], "solutions": [{"lang": "en", "value": "AVEVA recommends organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\nUsers of InTouch 2020 R2 and all prior versions are affected and should first upgrade to one of the versions listed below, then apply the corresponding security update:\n\n InTouch 2020 R2: Update to InTouch 2020 R2 P01\n\nInTouch 2020: Update to Security Update 1216934InTouch 2017 U3 SP1 P01: Update to Security Update 1216933"}], "source": {"advisory": "ICSA-21-159-03 - AVEVA InTouch", "defect": ["CLEARTEXT", "STORAGE", "OF", "SENSITIVE", "INFORMATION", "IN", "MEMORY", "CWE-316"], "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-06-08T00:00:00.000Z", "ID": "CVE-2021-32942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InTouch", "version": {"version_data": [{"version_affected": "<=", "version_value": "2020 R2"}]}}]}, "vendor_name": "AVEVA"}]}}, "credit": [{"lang": "eng", "value": "Ilya Karpov, Evgeniy Druzhinin, and Konstantin Kondratev of Rostelecom-Solar reported this vulnerability to AVEVA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN MEMORY CWE-316"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03"}, {"name": "https://www.aveva.com/en/support/cyber-security-updates/", "refsource": "MISC", "url": "https://www.aveva.com/en/support/cyber-security-updates/"}]}, "solution": [{"lang": "en", "value": "AVEVA recommends organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\nUsers of InTouch 2020 R2 and all prior versions are affected and should first upgrade to one of the versions listed below, then apply the corresponding security update:\n\n InTouch 2020 R2: Update to InTouch 2020 R2 P01\n\nInTouch 2020: Update to Security Update 1216934InTouch 2017 U3 SP1 P01: Update to Security Update 1216933"}], "source": {"advisory": "ICSA-21-159-03 - AVEVA InTouch", "defect": ["CLEARTEXT", "STORAGE", "OF", "SENSITIVE", "INFORMATION", "IN", "MEMORY", "CWE-316"], "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32942", "datePublished": "2021-06-08T00:00:00", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2021-06-09T16:06:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aveva:intouch_2017:-:update3:*:*:*:*:*:*", "matchCriteriaId": "3B981232-15DD-4AA5-9F13-5908BCC6E56B", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:intouch_2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "EADAE6E9-745F-4D31-8D30-AE0291E0E114", "vulnerable": true}, {"criteria": "cpe:2.3:a:aveva:intouch_2020:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB4919BB-CBEA-4F32-B780-1F382C8934D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location."}, {"lang": "es", "value": "La vulnerabilidad podr\u00eda exponer credenciales en texto sin cifrar de AVEVA InTouch Runtime 2020 R2 y todas las versiones anteriores (WindowViewer) si un usuario autorizado privilegiado crea un volcado de memoria de diagn\u00f3stico del proceso y lo guarda en una ubicaci\u00f3n no protegida"}], "id": "CVE-2021-32942", "lastModified": "2022-10-25T19:38:40.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2021-06-09T17:15:07.737", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-03"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.aveva.com/en/support/cyber-security-updates/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-316"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}