CVE-2021-26726

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Valmet DNA versions from Collection 2012 until Collection 2021

Description A remote code execution issue affects a Valmet DNA service listening on TCP port 1517, allowing an attacker to execute commands with SYSTEM privileges. The vulnerability is related to the lack of protection for transmitted data, which can enable a remote attacker to elevate their privileges in the system.

Recommendations For Valmet DNA versions from Collection 2012 until Collection 2021, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Use of Insufficiently Random Values

Generation of Error Message Containing Sensitive Information

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-305CWE-272CWE-319CWE-330CWE-209CWE-78

Related Identifiers

BDU:2022-06151

CVE-2021-26726

Affected Products

Valmet Dna

CVE-2021-26726

Weakness Enumeration

Related Identifiers

Affected Products

References · 7