PT-2021-15219 · Unknown · Interactive Graphical Scada System Data Collector

Published

2021-10-14

Updated

2022-02-18

CVE-2021-22805

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Interactive Graphical SCADA System Data Collector (dc.exe) version 15.0.0.21243 and prior

Description A missing authentication issue for critical functions could allow the deletion of arbitrary files in the context of the user running the software due to a lack of validation of network messages.

Recommendations For versions 15.0.0.21243 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-22805

ZDI-21-1149

Affected Products

Interactive Graphical Scada System Data Collector

PT-2021-15219 · Unknown · Interactive Graphical Scada System Data Collector

CVE-2021-22805

Weakness Enumeration

Related Identifiers

Affected Products

References · 4