CVE-2021-42833 - OpenCVE

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xylem	Aquaview

Configuration 1 [-]

OR	cpe:2.3:a:xylem:aquaview::::::::
	cpe:2.3:a:xylem:aquaview:1.60:::::::*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01	Third Party Advisory US Government Resource
https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-16T00:00:00

Updated: 2022-02-07T19:01:29

Reserved: 2021-10-22T00:00:00

Link: CVE-2021-42833

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-07T19:15:08.213

Modified: 2022-02-14T21:24:55.627

Link: CVE-2021-42833

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T19:01:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf"}, {"name": "ICS-CERT Advisory", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01"}], "solutions": [{"lang": "en", "value": "Xylem recommends that AquaView customers implement new security settings. "}], "source": {"discovery": "INTERNAL"}, "title": "Use of hardcoded credentials impacting AquaView versions 1.60, 7.x, 8.x", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2021-12-16T18:00:00.000Z", "ID": "CVE-2021-42833", "STATE": "PUBLIC", "TITLE": "Use of hardcoded credentials impacting AquaView versions 1.60, 7.x, 8.x"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf", "refsource": "CONFIRM", "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf"}, {"name": "ICS-CERT Advisory", "refsource": "CERT", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01"}]}, "solution": [{"lang": "en", "value": "Xylem recommends that AquaView customers implement new security settings. "}], "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42833", "datePublished": "2021-12-16T00:00:00", "dateReserved": "2021-10-22T00:00:00", "dateUpdated": "2022-02-07T19:01:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xylem:aquaview:*:*:*:*:*:*:*:*", "matchCriteriaId": "221E3A17-1E86-49D8-8D82-0A5A35D818E5", "versionEndExcluding": "8.0.1", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xylem:aquaview:1.60:*:*:*:*:*:*:*", "matchCriteriaId": "1AD22439-010C-47C7-96E0-5B3E9303C9EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de uso de credenciales embebidas en AquaView versiones 1.60, 7.x y 8.x, que podr\u00eda permitir a un atacante local autenticado manipular usuarios y configuraciones del sistema"}], "id": "CVE-2021-42833", "lastModified": "2022-02-14T21:24:55.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2022-02-07T19:15:08.213", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}