CVE-2021-33210

{"id": "CVE-2021-33210", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-11-03T10:15:07.693", "references": [{"url": "https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://twitter.com/FIMERspa", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://twitter.com/FIMERspa", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant."}, {"lang": "es", "value": "Se ha detectado un problema en Fimer Aurora Vision versiones anteriores a 2.97.10. Un atacante puede (en la Interfaz de Usuario Web) obtener informaci\u00f3n de la planta sin autenticaci\u00f3n al leer una lectura de la respuesta de las API de una visualizaci\u00f3n de quiosco de una planta"}], "lastModified": "2024-11-21T06:08:31.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fimer:aurora_vision:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C05743D8-025D-44D9-9759-7084D4F5DA04", "versionEndExcluding": "2.97.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}