CVE-2021-33025 affects xArrow SCADA versions 7.2 and earlier: the product acts on registry keys it does not validate, so whatever those keys specify runs with the privileges of the application. This article covers the impact, technical details, mitigation steps and recommendations for the issue.
Understanding CVE-2021-33025
CVE-2021-33025 was reported by Sharon Brizinov of Claroty and Michael Heinzl, and CISA published its advisory on August 17, 2021. The label "xArrow SCADA Path Traversal" sometimes attached to this CVE does not describe it: this entry concerns registry keys that are run without validation, not traversal of file paths.
What is CVE-2021-33025?
xArrow SCADA versions 7.2 and prior read registry keys without validating them and execute what they specify with application-level privileges.
The Impact of CVE-2021-33025
The vulnerability carries a CVSS v3 base score of 5.6 (medium). Its metrics indicate a high integrity impact and a low confidentiality impact, with low attack complexity; exploitation requires local access and user interaction.
Technical Details of CVE-2021-33025
The entry is labelled CWE-79: Cross-site Scripting. Treat that label with caution: the behaviour described, acting on registry keys without validating them, is an input-validation weakness rather than script injection into a web page, and it is a different issue from the XSS and path-traversal findings reported against the same product.
Vulnerability Description
In xArrow SCADA 7.2 and earlier, registry keys consumed by the application are trusted as-is and executed at the application's privilege level. Whoever can write to those keys can therefore influence what the application runs, leading to unauthorized actions and misuse of system resources.
Affected Systems and Versions
Affected product: xArrow SCADA
Vendor: xArrow
Vulnerable versions: <= 7.2 (custom version)
Exploitation Mechanism
No public exploit details are given. The weakness is that xArrow SCADA 7.2 and prior runs what unvalidated registry keys specify with application-level privileges; an attacker with local access who can modify those keys, and who can obtain the required user interaction, can abuse this to have the application execute content of their choosing.
Mitigation and Prevention
No vendor fix is available, so users should take immediate action to secure their systems and limit the opportunity for exploitation.
Immediate Steps to Take
Long-Term Security Practices
Before deploying defensive measures, organizations should perform an impact analysis and risk assessment. Control system networks and devices must be isolated from the business network and placed behind firewalls.
Patching and Updates
xArrow has not responded to CISA's requests to work together on mitigating these vulnerabilities, so no patch is available. Users should contact xArrow customer support for guidance.
CISA recommends defensive measures to minimize the risk of exploitation: minimize network exposure for control system devices, ensure they are not accessible from the Internet, and keep control system networks isolated from the business network.
When remote access is required, CISA advises using secure methods such as VPNs, keeping in mind that a VPN is only as secure as the devices connected to it and must itself be kept updated to the most current version available.
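With no vendor fix, the practical check is to find out which registry keys the application reads can be written by low-privileged accounts, since a key that unprivileged users can modify is exactly what this class of weakness turns into code execution at the application's privilege level. The following PowerShell function is an added example, not code from the page or from xArrow; the registry path in the usage line is a placeholder (xArrow's real key location is not documented here) and the list of low-privileged principals is an assumption you should adjust to your environment.

```powershell
# Added example (not xArrow's code): list ACEs under a registry hive that grant
# write-type rights to low-privileged principals.
function Find-WritableRegistryKeys {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        # Assumed set of principals that should never be able to write under an
        # application's hive; extend it for local groups specific to your site.
        [string[]]$LowPrivilegedIdentities = @(
            'Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users',
            'NT AUTHORITY\INTERACTIVE'
        )
    )

    # Rights that let a principal change what the application will read or run.
    # WriteKey is deliberately not used: it includes ReadPermissions and would
    # flag read-only ACEs.
    $writeMask = [System.Security.AccessControl.RegistryRights]::SetValue -bor
                 [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
                 [System.Security.AccessControl.RegistryRights]::Delete -bor
                 [System.Security.AccessControl.RegistryRights]::ChangePermissions -bor
                 [System.Security.AccessControl.RegistryRights]::TakeOwnership

    if (-not (Test-Path -Path $Path)) {
        throw "Registry path not found: $Path"
    }

    # Include the root key itself; Get-ChildItem -Recurse only returns subkeys.
    $keys = @(Get-Item -Path $Path) +
            @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        $acl = Get-Acl -Path $key.PSPath
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            if ($LowPrivilegedIdentities -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.RegistryRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Key       = $key.Name
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage: the path is a placeholder, not a documented xArrow registry location.
Find-WritableRegistryKeys -Path 'HKLM:\SOFTWARE\<ApplicationVendor>' | Format-Table -AutoSize
```

Any row this returns is a key an ordinary user can alter; tighten its ACL so that only administrators and the service account can write, then confirm the application still starts. Keep in mind that keys under HKCU are writable by the interactive user by design, so if the application takes launch settings from HKCU the question is not the ACL but whether the product should be trusting that hive at all; until xArrow ships a fix, the compensating control is to keep unprivileged, interactive users off the host entirely, in line with CISA's isolation advice above.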