← back
CVE-2021-22661

CVE-2021-22661

EPSS 1.0%CWE-264
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).
Affected products
n/a · ICX35-HWC-A, ICX35-HWC-E

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04