CVE-2021-36799 Information

Description

UNSUPPORTED WHEN ASSIGNED KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password with a salt value of Ivan Medvedev allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Reference

https://www.knx.org/knx-en/for-professionals/software/ets-5-professional/ https://github.com/robertguetzkow/ets5-password-recovery http://packetstormsecurity.com/files/165200/ETS5-Password-Recovery-Tool.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8