CVE-2021-26726

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
Configurations

Configuration 1 (hide)

cpe:2.3:a:valmet:dna:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type Values Removed Values Added
References () https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/ - Third Party Advisory () https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/ - Third Party Advisory
References () https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/ - Vendor Advisory () https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/ - Vendor Advisory

30 Jun 2023, 21:23

Type Values Removed Values Added
CWE CWE-326 CWE-330

24 Feb 2022, 16:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 8.3
v3 : 8.8
References (MISC) https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/ - (MISC) https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/ - Vendor Advisory
References (CONFIRM) https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/ - (CONFIRM) https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/ - Third Party Advisory
CPE cpe:2.3:a:valmet:dna:*:*:*:*:*:*:*:*
CWE CWE-326

16 Feb 2022, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-16 16:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26726

Mitre link : CVE-2021-26726

CVE.ORG link : CVE-2021-26726


JSON object : View

Products Affected

valmet

  • dna
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-209

Generation of Error Message Containing Sensitive Information

CWE-272

Least Privilege Violation

CWE-305

Authentication Bypass by Primary Weakness

CWE-330

Use of Insufficiently Random Values