CVE-2021-41298 - Vulnerability Details - OpenCVE

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ecoa	Ecs Router Controller-ecs Ecs Router Controller-ecs Firmware Riskbuster Riskbuster Firmware Riskterminator

Configuration 1 [-]

AND

cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/managed-detection-response
https://www.spirityenterprise.com/virtual-ciso
https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2021-09-30T10:41:02.047884Z

Updated: 2024-09-16T20:16:40.291Z

Reserved: 2021-09-15T00:00:00

Link: CVE-2021-41298

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-09-30T11:15:07.813

Modified: 2024-11-21T06:25:59.567

Link: CVE-2021-41298

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ECS Router Controller ECS (FLASH)", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskBuster Terminator E6L45", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskBuster System RB 3.0.0", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskBuster System TRANE 1.0", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "Graphic Control Software", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "SmartHome II E9246", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}, {"product": "RiskTerminator", "vendor": "ECOA", "versions": [{"lessThan": "unspecified", "status": "unknown", "version": "next of 0", "versionType": "custom"}]}], "datePublic": "2021-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-30T10:41:01", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html"}], "solutions": [{"lang": "en", "value": "Contact tech support from ECOA."}], "source": {"advisory": "TVN-202109014", "discovery": "EXTERNAL"}, "title": "ECOA BAS controller - Improper Access Control", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-09-30T10:13:00.000Z", "ID": "CVE-2021-41298", "STATE": "PUBLIC", "TITLE": "ECOA BAS controller - Improper Access Control"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ECS Router Controller ECS (FLASH)", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskBuster Terminator E6L45", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskBuster System RB 3.0.0", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskBuster System TRANE 1.0", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "Graphic Control Software", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "SmartHome II E9246", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}, {"product_name": "RiskTerminator", "version": {"version_data": [{"version_affected": "?>", "version_value": "0"}]}}]}, "vendor_name": "ECOA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html"}]}, "solution": [{"lang": "en", "value": "Contact tech support from ECOA."}], "source": {"advisory": "TVN-202109014", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:08:31.834Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-41298", "datePublished": "2021-09-30T10:41:02.047884Z", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-09-16T20:16:40.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E80292D1-E3AD-42B6-A63E-3546010B97A3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ecoa:ecs_router_controller-ecs:-:*:*:*:*:*:*:*", "matchCriteriaId": "541B6C82-F00E-4BFC-9947-A55B2F4EDD06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ecoa:riskbuster_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "19A28430-AB2B-423F-82D4-FC0E3A6DF335", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*", "matchCriteriaId": "58A6F2A4-A7DA-4A88-B572-917FFC80ADC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*", "matchCriteriaId": "841DF575-8E63-4AB4-A6F9-77C28FC65BCE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities."}, {"lang": "es", "value": "El controlador ECOA BAS es vulnerable a las referencias directas a objetos no seguro que se producen cuando la aplicaci\u00f3n proporciona acceso directo a objetos basados en la entrada suministrada por el usuario. Como resultado de esta vulnerabilidad, unos atacantes con privilegio de usuario general pueden omitir la autorizaci\u00f3n de forma remota y acceder a los recursos ocultos del sistema y ejecutar funcionalidades privilegiadas"}], "id": "CVE-2021-41298", "lastModified": "2024-11-21T06:25:59.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2021-09-30T11:15:07.813", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}