CVE-2021-33010 : What You Need to Know
CVE-2021-33010, also known as AVEVA System Platform Uncaught Exception, affects versions 2017 through 2020 R2 P01. Learn about the impact, technical details, and mitigation strategies.
CVE-2021-33010, also known as AVEVA System Platform Uncaught Exception, is a vulnerability reported by Sharon Brizinov of Claroty to AVEVA. The vulnerability exists in AVEVA System Platform versions 2017 through 2020 R2 P01. An uncaught exception in a specific function may lead to a denial-of-service condition.
Understanding CVE-2021-33010
This section delves into the impact and technical details of CVE-2021-33010.
What is CVE-2021-33010?
The vulnerability stems from an exception in AVEVA System Platform versions 2017 through 2020 R2 P01 that is not caught, potentially resulting in a denial-of-service scenario.
The Impact of CVE-2021-33010
With a CVSSv3.1 base score of 7.5 (High), the vulnerability poses a significant risk due to its potential to cause a denial-of-service condition.
Technical Details of CVE-2021-33010
To mitigate and prevent the exploitation of CVE-2021-33010, consider the following technical details.
Vulnerability Description
The vulnerability involves an uncaught exception from a function in AVEVA System Platform, affecting versions 2017 through 2020 R2 P01.
Affected Systems and Versions
AVEVA System Platform versions 2017 through 2020 R2 P01 are impacted by this vulnerability.
Exploitation Mechanism
The vulnerability can be exploited through network access, with low attack complexity but high availability impact.
Mitigation and Prevention
Protecting your systems from CVE-2021-33010 requires prompt action and long-term security measures.
Immediate Steps to Take
If you are using AVEVA System Platform versions 2017 through 2020 R2 P01, consider disabling the AutoBuild service on Runtime nodes or upgrading to the recommended versions provided by AVEVA.
Long-Term Security Practices
Evaluate the impact of vulnerabilities based on your environment, architecture, and product implementation. Implement necessary security updates and best practices for ongoing protection.
Patching and Updates
Ensure that you apply recommended security updates from AVEVA as outlined in the security bulletin AVEVA-2021-002 for comprehensive mitigation strategies.