ByteOS Network

Vulnerability Details :

CVE-2021-23261

Summary

Assigner-crafter

Assigner Org ID-4ff2b028-869f-4b00-a7b2-05997f6f14fd

Published At-02 Dec, 2021 | 15:40

Updated At-17 Sep, 2024 | 01:57

Overriding the system configuration file causes a denial of service

Authenticated administrators may override the system configuration file and cause a denial of service.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:crafter

Assigner Org ID:4ff2b028-869f-4b00-a7b2-05997f6f14fd

Published At:02 Dec, 2021 | 15:40

Updated At:17 Sep, 2024 | 01:57

▼CVE Numbering Authority (CNA)

Overriding the system configuration file causes a denial of service

Authenticated administrators may override the system configuration file and cause a denial of service.

Affected Products

Vendor

Crafter Software

Product

Crafter CMS

Versions

Affected

From 3.1 before 3.1.13 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-703	CWE-703 Improper Check or Handling of Exceptional Conditions

Type: CWE

CWE ID: CWE-703

Description: CWE-703 Improper Check or Handling of Exceptional Conditions

Metrics

Version	Base score	Base severity	Vector
3.1	4.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 4.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Credits

Kai Zhao (ToTU Security Team)

References

Hyperlink	Resource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120104	x_refsource_MISC

Hyperlink: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120104

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120104	x_refsource_MISC x_transferred

Hyperlink: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120104

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@craftersoftware.com

Published At:02 Dec, 2021 | 16:15

Updated At:03 Dec, 2021 | 14:41

Authenticated administrators may override the system configuration file and cause a denial of service.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	4.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 4.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

craftercms>>crafter_cms>>Versions from 3.1.0(inclusive) to 3.1.13(exclusive)

cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-703	Secondary	security@craftersoftware.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-703

Type: Secondary

Source: security@craftersoftware.com

References

Hyperlink	Source	Resource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120104	security@craftersoftware.com	Vendor Advisory

Hyperlink: https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120104

Source: security@craftersoftware.com

Resource:

Vendor Advisory

Similar CVEs

4Records found

CVE-2021-23265

Matching Score-8

Assigner-Crafter CMS

View Details

Matching Score-8

Assigner-Crafter CMS

CVSS Score-3.5||LOW

EPSS-0.38% / 58.49%

7 Day CHG~0.00%

Published-16 May, 2022 | 17:05

Updated-16 Sep, 2024 | 20:36

Improper Privilege Management in Crafter Studio

A logged-in and authenticated user with a Reviewer Role may lock a content item.

Vendor-craftercms Crafter Software

Product-crafter_cms Crafter CMS

CWE ID-CWE-269

Improper Privilege Management

CVE-2024-39945

Matching Score-4

Assigner-Dahua Technologies

View Details

Matching Score-4

Assigner-Dahua Technologies

CVSS Score-4.9||MEDIUM

EPSS-0.23% / 45.46%

7 Day CHG~0.00%

Published-31 Jul, 2024 | 03:16

Updated-27 Mar, 2025 | 16:15

A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

Vendor-Dahua Technology Co., Ltd

CWE ID-CWE-703

Improper Check or Handling of Exceptional Conditions

CVE-2019-10927

Matching Score-4

Assigner-Siemens

View Details

Matching Score-4

Assigner-Siemens

CVSS Score-6.5||MEDIUM

EPSS-0.61% / 68.76%

7 Day CHG~0.00%

Published-13 Aug, 2019 | 18:55

Updated-04 Aug, 2024 | 22:40

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device.

Vendor-Siemens AG

Product-scalance_xp-200_firmware scalance_xb-200_firmware scalance_xf-200ba_firmware scalance_xc-200_firmware scalance_xc-200 scalance_xb-200 scalance_xr-300wg_firmware scalance_xr-300wg scalance_xp-200 scalance_xf-200ba SCALANCE XR-300WG SCALANCE XF-200BA SCALANCE SC-600 SCALANCE XP-200 SCALANCE XC-200 SCALANCE XB-200

CWE ID-CWE-703

Improper Check or Handling of Exceptional Conditions

CVE-2024-37992

Matching Score-4

Assigner-Siemens

View Details

Matching Score-4

Assigner-Siemens

CVSS Score-5.9||MEDIUM

EPSS-0.23% / 45.46%

7 Day CHG~0.00%

Published-10 Sep, 2024 | 09:36

Updated-18 Sep, 2024 | 15:31

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.

Vendor-Siemens AG

CWE ID-CWE-703

Improper Check or Handling of Exceptional Conditions

CVE-2021-23261

Credits

Overriding the system configuration file causes a denial of service

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs