{"id": "CVE-2021-32984", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-04-04T20:15:09.100", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization."}, {"lang": "es", "value": "Todas las conexiones de programaci\u00f3n reciben los mismos privilegios desbloqueados, lo que puede resultar en una escalada de privilegios. Durante el tiempo que los M\u00f3dulos de CPU de PLC CLICK de Automation Direct: CPUs C0-1x con versiones de firmware anteriores a v3.00, es desbloqueado por un usuario autorizado, un atacante puede conectarse al PLC y leer el proyecto sin autorizaci\u00f3n"}], "lastModified": "2022-04-13T13:15:07.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10dd1e-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "809BA584-F893-4DE1-ABFF-159EEAA358FF", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10dd1e-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A81E6705-D033-4024-8FA5-3B8126BA99DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10dd2e-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D135DAD-1CC9-4489-A0A1-4A9B08F5BA5B", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10dd2e-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F590AF4-E9CB-4C9A-B1A9-6181FBC81336"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10dre-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D76AFBCC-2260-4E5D-8534-D7157A8B363A", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10dre-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F690E38A-3290-4331-BCE0-0EC147805556"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-10are-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CEF7DCB-3CF4-4A64-971F-C0287E294CBA", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-10are-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D7D9142-7F82-4E45-A306-4A899E3ABF4F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11dd1e-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F949EF9C-5F50-4D10-8D25-D0C56657C0D1", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11dd1e-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97209878-20DD-4121-A1D5-A4D96911FEE7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11dd2e-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "335D4844-DE34-4806-9B76-E2B4AD91DA96", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11dd2e-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E60966AB-7ACE-42EC-AEC6-8CDC05598916"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11dre-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5A5E2F8-C024-4DCC-923A-983379B0A645", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11dre-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FB2E6605-6623-47CF-8632-10BDF2793189"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-11are-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C026105-7051-4F16-BC05-3AC15AA18506", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-11are-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "13C86840-19DF-4F2F-B2AC-ECC37D915E76"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7DFCF51-8057-46B0-9692-691D8190EC8A", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0341C73-C0B9-4FAD-B254-BF2B9899C4E4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A77D3278-58CD-4715-851A-BD4298C1EBD4", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7942D90E-3014-4802-89EE-1CA9708A92D8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dre-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16FA238D-3252-4207-BCB0-17E2E53A6A4B", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dre-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "345CC4B9-6EE6-4B0B-87A6-941F7A581191"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12are-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6974892E-A4BD-4D1A-B029-763FA5EC1458", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12are-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A273D864-AE1A-411C-BBD7-4907DD8B349E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-1-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D2CC279-840B-4688-B981-11CEC476BEB9", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-1-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B3F7FA9-A7D4-499E-8C52-155FB93E6522"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-1-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A25805A-F49D-4305-8108-F4D509304213", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-1-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "464C9AF0-BA89-4989-BE03-D0C30B3BEFFA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dre-1-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFBC8833-C0B8-4D23-A1D2-55FAFAA48BA7", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dre-1-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6415993D-A15E-4295-B151-8388550156A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12are-1-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8121DA90-D68C-46B6-9B8B-468F3F5E7CAA", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12are-1-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B04C302C-DB3D-4B3B-BE7C-5AD621AEF02A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd1e-2-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79E1F884-FA09-45E7-BFC0-F7482EA5A8BA", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd1e-2-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B362D366-AD0C-4D78-91EF-67F205550820"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dd2e-2-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F74838CA-C58B-427F-9429-080D8CE5217E", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dd2e-2-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4F5F7E6-34EA-44A9-B26D-C8B7E281FB31"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12dre-2-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D3184B1-9DDE-4661-A225-AB32D81A84A8", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12dre-2-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5AA4EA2B-77A8-4852-A84D-FB8B67F64393"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:c0-12are-2-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4BADBAD-0F6B-4CE4-BFB6-9018BDE278BC", "versionEndExcluding": "3.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:c0-12are-2-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "00066AE3-08DF-4CCC-97A6-A4D8A4BC40F3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}