CVE-2021-32454 - OpenCVE

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sitel-sa	Remote Cap\/prx Remote Cap\/prx Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sitel-sa:remote_cap\/prx_firmware:5.2.01:*:*:*:*:*:*:*

cpe:2.3:h:sitel-sa:remote_cap\/prx:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2021-05-17T17:36:30.615006Z

Updated: 2024-09-16T20:26:17.258Z

Reserved: 2021-05-07T00:00:00

Link: CVE-2021-32454

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-17T18:15:07.950

Modified: 2021-05-25T16:44:09.490

Link: CVE-2021-32454

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CAP/PRX", "vendor": "SITEL", "versions": [{"status": "affected", "version": "5.2.01"}]}], "credits": [{"lang": "en", "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."}], "datePublic": "2021-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-17T17:36:30", "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"}], "solutions": [{"lang": "en", "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}], "source": {"advisory": "INCIBE-2021-0179", "discovery": "EXTERNAL"}, "title": "SITEL CAP/PRX hardcoded credentials", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-coordination@incibe.es", "DATE_PUBLIC": "2021-05-13T10:00:00.000Z", "ID": "CVE-2021-32454", "STATE": "PUBLIC", "TITLE": "SITEL CAP/PRX hardcoded credentials"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CAP/PRX", "version": {"version_data": [{"version_affected": "=", "version_name": "5.2.01", "version_value": "5.2.01"}]}}]}, "vendor_name": "SITEL"}]}}, "credit": [{"lang": "eng", "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-798 Use of Hard-coded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials", "refsource": "CONFIRM", "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"}]}, "solution": [{"lang": "en", "value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."}], "source": {"advisory": "INCIBE-2021-0179", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:29.537Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"}]}]}, "cveMetadata": {"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "cveId": "CVE-2021-32454", "datePublished": "2021-05-17T17:36:30.615006Z", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-09-16T20:26:17.258Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sitel-sa:remote_cap\\/prx_firmware:5.2.01:*:*:*:*:*:*:*", "matchCriteriaId": "88C3E5A3-A434-4CA7-879A-5C48F40CE784", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sitel-sa:remote_cap\\/prx:-:*:*:*:*:*:*:*", "matchCriteriaId": "67A775BE-51A9-4A77-B759-A9671775374A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."}, {"lang": "es", "value": "SITEL CAP/PRX versiones del firmware 5.2.01, usa una contrase\u00f1a embebida. Un atacante con acceso al dispositivo podr\u00eda modificar estas credenciales, dejando a los administradores del dispositivo sin acceso"}], "id": "CVE-2021-32454", "lastModified": "2021-05-25T16:44:09.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2021-05-17T18:15:07.950", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}