CVE-2021-22682

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
hornerautomationcscape
𝑥
< 9.90
hornerautomationcscape
9.90
hornerautomationcscape
9.90:sp1
hornerautomationcscape
9.90:sp2
hornerautomationcscape
9.90:sp3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01
https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01