CVE-2021-25910

8.0 HIGH

📋 TL;DR

CVE-2021-25910 is an improper authentication vulnerability in ZIV AUTOMATION 4CCT-EA6-334126BF devices where the cookie parameter can be manipulated to bypass authentication. This allows local attackers to modify device parameters as if they were authenticated users. Organizations using these industrial control system devices are affected.

💻 Affected Systems

Products:
  • ZIV AUTOMATION 4CCT-EA6-334126BF
Versions: Specific version information not provided in references, but appears to affect current versions at time of disclosure.
Operating Systems: Embedded/ICS firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface cookie authentication mechanism. Requires local network access to the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could modify critical device parameters, potentially disrupting industrial processes, causing equipment damage, or creating safety hazards in operational technology environments.

🟠 Likely Case

Local attackers with network access could modify configuration settings, potentially disrupting device functionality or gaining persistent access to the system.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to isolated network segments with minimal operational disruption.

🌐 Internet-Facing: LOW - This is an ICS device typically deployed in isolated networks, not directly internet-facing.
🏢 Internal Only: HIGH - Local network access allows authentication bypass and parameter modification in industrial environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local network access and manipulation of cookie parameters. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://www.incibe-cert.es/en/early-warning/ics-advisories/4cct-vulnerable-improper-authentication

Restart Required: No

Instructions:

No official patch identified. Contact ZIV AUTOMATION for firmware updates or security guidance specific to this vulnerability.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate affected devices in dedicated network segments with strict access controls

Access Control Lists (applies to: all)

Implement firewall rules to restrict access to device management interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from general network traffic
  • Monitor network traffic to/from affected devices for unusual authentication attempts or parameter modifications

🔍 How to Verify

Check if Vulnerable:

Check if you have ZIV AUTOMATION 4CCT-EA6-334126BF devices deployed and review network access controls

Check Version:

Check device firmware version through web interface or device documentation

Verify Fix Applied:

Test authentication mechanisms by attempting to access device parameters without proper credentials

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful parameter modifications
  • Unusual cookie values in web interface logs

Network Indicators:

  • Unauthorized parameter modification requests to device management interface
  • Traffic to device from unexpected network segments

SIEM Query:

source_ip IN (device_network_range) AND (http_cookie CONTAINS 'manipulated' OR (http_method = 'POST' AND uri CONTAINS 'parameter'))
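The two log indicators above (a failed login followed by a successful parameter write from the same source, and a session cookie the device never issued) can be correlated offline before they are turned into a SIEM rule. The script below is an added example, not from the advisory or the vendor: the log format, the `/login` and `/parameter/` paths, the `sid=` cookie name and all addresses are constructed assumptions, since the real 4CCT web-interface log layout is not given in the references.

```python
"""Correlate web-interface log lines for the cookie-bypass indicators.
Added example; log format, paths and cookie name are constructed assumptions."""

# Constructed sample log: ts, src_ip, method, path, status, session cookie ("-" if none).
SAMPLE_LOG = """\
100 10.0.5.21 POST /login 401 -
101 10.0.5.21 POST /login 401 -
105 10.0.5.21 POST /parameter/update 200 sid=AAAA
200 10.0.5.30 POST /login 200 sid=BBBB
203 10.0.5.30 POST /parameter/update 200 sid=BBBB
300 10.0.5.40 GET /status 200 sid=ZZZZ
"""
WINDOW = 60  # seconds between a failed login and a parameter write that we still correlate


def parse(log):
    """Split the constructed log into (ts, ip, method, path, status, cookie) tuples."""
    rows = []
    for line in log.splitlines():
        ts, ip, method, path, status, cookie = line.split()
        rows.append((int(ts), ip, method, path, int(status), cookie))
    return rows


def detect(log):
    """Return a list of (indicator, source_ip, ts) alerts, in log order."""
    issued = set()    # cookies the device handed out on a successful login (assumed logged there)
    last_fail = {}    # source ip -> timestamp of its most recent failed login
    alerts = []
    for ts, ip, method, path, status, cookie in parse(log):
        if path == "/login":
            if status == 200 and cookie != "-":
                issued.add(cookie)          # legitimate session established
                last_fail.pop(ip, None)     # a later success clears the failure
            elif status in (401, 403):
                last_fail[ip] = ts
            continue
        is_write = method == "POST" and path.startswith("/parameter")
        # Indicator 1: parameter change succeeds shortly after a failed login, no success in between
        if is_write and status == 200 and ip in last_fail and ts - last_fail[ip] <= WINDOW:
            alerts.append(("failed-login-then-write", ip, ts))
        # Indicator 2: request carries a session cookie the device never issued
        if cookie != "-" and cookie not in issued:
            alerts.append(("unissued-cookie", ip, ts))
    return alerts
```

The second check only works if the login response's issued cookie is visible in the log; where it is not, drop that indicator rather than alert on every session.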
