Vulnerability Description
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prosoft-Technology | Icx35-Hwc-A Firmware | <= 1.9.62 |
| Prosoft-Technology | Icx35-Hwc-A | - |
| Prosoft-Technology | Icx35-Hwc-E Firmware | <= 1.9.62 |
| Prosoft-Technology | Icx35-Hwc-E | - |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04Third Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-22661?
CVE-2021-22661 is a vulnerability with a CVSS score of 7.5 (HIGH). Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the ...
How severe is CVE-2021-22661?
CVE-2021-22661 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22661?
Check the references section above for vendor advisories and patch information. Affected products include: Prosoft-Technology Icx35-Hwc-A Firmware, Prosoft-Technology Icx35-Hwc-A, Prosoft-Technology Icx35-Hwc-E Firmware, Prosoft-Technology Icx35-Hwc-E.