admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2021/CVE-2021-32986.md

19 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2021-32986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32986)
![](https://img.shields.io/static/v1?label=Product&message=CLICK%20PLC%20CPU%20Modules%3A%20C0-1x%20CPUs&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.00%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%3A%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
### Description
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/vishaalmehta1/AdeenAyub
Reference in New Issue Copy Permalink