CVE-2021-32957 - OpenCVE

A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Auvesy-mdt	Autosave Autosave For System Platform

Configuration 1 [-]

OR	cpe:2.3:a:auvesy-mdt:autosave::::::::
	cpe:2.3:a:auvesy-mdt:autosave::::::::
	cpe:2.3:a:auvesy-mdt:autosave_for_system_platform::::::::
	cpe:2.3:a:auvesy-mdt:autosave_for_system_platform:5.00:::::::*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-04-01T22:17:08

Updated: 2024-08-03T23:33:56.379Z

Reserved: 2021-05-13T00:00:00

Link: CVE-2021-32957

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-01T23:15:09.757

Modified: 2022-04-11T17:19:06.740

Link: CVE-2021-32957

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MDT AutoSave", "vendor": "MDT Software", "versions": [{"lessThan": "6.02.06", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "MDT AutoSave", "vendor": "MDT Software", "versions": [{"lessThan": "7.04", "status": "affected", "version": "7.00", "versionType": "custom"}]}, {"product": "AutoSave for System Platform (A4SP)", "vendor": "MDT Software", "versions": [{"lessThan": "4.01", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "A4SP", "vendor": "MDT Software", "versions": [{"status": "affected", "version": "5.00"}]}], "credits": [{"lang": "en", "value": "Amir Preminger of Claroty Research reported these vulnerabilities to MDT Software."}], "descriptions": [{"lang": "en", "value": "A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T22:17:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"}], "solutions": [{"lang": "en", "value": "Updated versions of MDT AutoSave and AutoSave for System Platform (A4SP) were developed to address these vulnerabilities as follows:\nMDT AutoSave 6.x version: Version 6.02.06 (Released January 2021)\nMDT AutoSave 7.x version: Version 7.05 (Released December 2020)\nA4SP 4.x version: Version 4.01 (Released June 2021)\nA4SP 5.x version: Version 5.01 (Released May 2021)\n\nFor more information about these vulnerabilities, and to obtain and install the new versions, please contact MDT Software customer support."}], "source": {"discovery": "EXTERNAL"}, "title": "MDT AutoSave Uncontrolled Search Path Element", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-32957", "STATE": "PUBLIC", "TITLE": "MDT AutoSave Uncontrolled Search Path Element"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MDT AutoSave", "version": {"version_data": [{"version_affected": "<", "version_value": "6.02.06"}]}}, {"product_name": "MDT AutoSave", "version": {"version_data": [{"version_affected": "<", "version_name": "7.00", "version_value": "7.04"}]}}, {"product_name": "AutoSave for System Platform (A4SP)", "version": {"version_data": [{"version_affected": "<", "version_value": "4.01"}]}}, {"product_name": "A4SP", "version": {"version_data": [{"version_affected": "=", "version_value": "5.00"}]}}]}, "vendor_name": "MDT Software"}]}}, "credit": [{"lang": "eng", "value": "Amir Preminger of Claroty Research reported these vulnerabilities to MDT Software."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89: SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"}]}, "solution": [{"lang": "en", "value": "Updated versions of MDT AutoSave and AutoSave for System Platform (A4SP) were developed to address these vulnerabilities as follows:\nMDT AutoSave 6.x version: Version 6.02.06 (Released January 2021)\nMDT AutoSave 7.x version: Version 7.05 (Released December 2020)\nA4SP 4.x version: Version 4.01 (Released June 2021)\nA4SP 5.x version: Version 5.01 (Released May 2021)\n\nFor more information about these vulnerabilities, and to obtain and install the new versions, please contact MDT Software customer support."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:33:56.379Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-32957", "datePublished": "2022-04-01T22:17:08", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-08-03T23:33:56.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auvesy-mdt:autosave:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F0612E0-E5EE-45B1-B49C-BD1296B9EACB", "versionEndExcluding": "6.02.06", "vulnerable": true}, {"criteria": "cpe:2.3:a:auvesy-mdt:autosave:*:*:*:*:*:*:*:*", "matchCriteriaId": "8450FA45-0C07-42D5-B817-AC990579D4F6", "versionEndIncluding": "7.04", "versionStartIncluding": "7.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:auvesy-mdt:autosave_for_system_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDA02918-09D4-43B6-95E6-3023E3DEE57A", "versionEndExcluding": "4.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:auvesy-mdt:autosave_for_system_platform:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "682D5F51-4153-47C3-961C-6C5B4A124E3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking."}, {"lang": "es", "value": "Una funci\u00f3n en MDT AutoSave versiones anteriores a v6.02.06, es usado para recuperar informaci\u00f3n del sistema para un proceso espec\u00edfico, y esta recopilaci\u00f3n de informaci\u00f3n ejecuta m\u00faltiples comandos y resume la informaci\u00f3n en un XML. Esta funci\u00f3n y el proceso subsiguiente dan la ruta completa al ejecutable y, por lo tanto, son vulnerables al secuestro binario"}], "id": "CVE-2021-32957", "lastModified": "2022-04-11T17:19:06.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-04-01T23:15:09.757", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}