CVE-2021-37163

{"id": "CVE-2021-37163", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-08-02T13:15:07.800", "references": [{"url": "https://www.armis.com/PwnedPiper", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.swisslog-healthcare.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37163-bulletin---default-credentials-for-the-telnet-server.pdf?rev=da64c389a475494985b9fd2c2c508542&hash=466A7109AF08EBFF3756B2C25968ED5E", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20", "source": "cve@mitre.org"}, {"url": "https://www.armis.com/PwnedPiper", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.swisslog-healthcare.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37163-bulletin---default-credentials-for-the-telnet-server.pdf?rev=da64c389a475494985b9fd2c2c508542&hash=466A7109AF08EBFF3756B2C25968ED5E", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded."}, {"lang": "es", "value": "Se ha detectado un problema de permisos no seguros en el panel de control HMI3 de Swisslog Healthcare Nexus operado por versiones de software anteriores a Nexus Software 7.2.5.7. El dispositivo presenta dos cuentas de usuario con contrase\u00f1as embebidas"}], "lastModified": "2024-11-21T06:14:45.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9286DC1-0111-49C4-9BD4-1601AAD025A9", "versionEndExcluding": "7.2.5.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92F48887-6E68-4A96-87F6-C8DB7773C4A2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}