MidnightBSD

Advisories for zivautomation

CVE-2021-25909 MEDIUM

ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
zivautomation 4cct-ea6-334126bf_firmware 3.23.80.27.36371
CVE-2021-25910 LOW

Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
cve-coordination@incibe.es 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
zivautomation 4cct-ea6-334126bf_firmware 3.23.77.8.33251