CVE Vulnerabilities

CVE-2021-22661

Published: Feb 26, 2021 | Modified: Mar 05, 2021

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.x

5 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-22661
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).

Affected Software

Name	Vendor	Start Version	End Version
Icx35-hwc-a_firmware	Prosoft-technology	*	1.9.62 (including)

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.