Vulnerabilities > CVE-2021-22661 - Unspecified vulnerability in Prosoft-Technology Icx35-Hwc-A Firmware and Icx35-Hwc-E Firmware

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

prosoft-technology

NVD

Published: 2021-02-26

Updated: 2021-03-05

Summary

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).

Vulnerable Configurations

Part	Description	Count
OS	Prosoft-Technology Prosoft Technology Icx35 HWC A Firmware * Prosoft Technology Icx35 HWC E Firmware *	2
Hardware	Prosoft-Technology Prosoft Technology Icx35 HWC A - Prosoft Technology Icx35 HWC E -	2

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04