CVE-2021-32933

10.0 CRITICAL

📋 TL;DR

This vulnerability allows an attacker to upload malicious files through an API in MDT AutoSave and to manipulate process-creation commands, resulting in arbitrary code execution. It affects MDT AutoSave versions before v6.02.06. Industrial control systems running this software are at risk.

💻 Affected Systems

Products:
  • MDT AutoSave
Versions: All versions prior to v6.02.06
Operating Systems: Windows (typically used in industrial control systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where MDT AutoSave is installed and the vulnerable API is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise allowing attackers to execute arbitrary commands with system privileges, potentially disrupting industrial processes or exfiltrating sensitive data.

🟠 Likely Case: Remote code execution leading to malware deployment, data theft, or system manipulation in industrial environments.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls prevent API access from untrusted networks.

🌐 Internet-Facing: HIGH if MDT AutoSave systems are exposed to the internet, as the vulnerability can be exploited remotely without authentication.
🏢 Internal Only: HIGH even on internal networks, as attackers could pivot from other compromised systems or use phishing to gain initial access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves simple file upload and command injection, making exploitation relatively straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.02.06 and later

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02

Restart Required: Yes

Instructions:

1. Download MDT AutoSave version 6.02.06 or later from the vendor.
2. Back up the current configuration and data.
3. Install the update following the vendor's instructions.
4. Restart the system to apply the changes.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate MDT AutoSave systems from untrusted networks and restrict API access.

Access Control (platform: windows)

Implement strict firewall rules to limit access to MDT AutoSave API endpoints. Windows Firewall evaluates block rules before allow rules, so an unscoped block like the one below also cuts off legitimate clients; limit it with remoteip= to the untrusted address ranges, or rely on the default inbound block and add an allow rule only for the trusted hosts that need the API. Replace <API_PORT> with the port your deployment uses.

netsh advfirewall firewall add rule name="Block MDT API" dir=in action=block protocol=TCP localport=<API_PORT>

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems from untrusted networks.
  • Deploy application whitelisting to prevent execution of unauthorized processes.

🔍 How to Verify

Check if Vulnerable:

Check MDT AutoSave version in the software interface or installation directory. Versions below 6.02.06 are vulnerable.

Check Version:

Check the 'About' section in MDT AutoSave GUI or examine installed programs in Windows Control Panel.

Verify Fix Applied:

Confirm the version is 6.02.06 or higher in the software interface, then confirm the API still functions as expected.
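As an added verification helper (not from the advisory or the vendor), this PowerShell function reads the Windows Uninstall registry keys for an MDT AutoSave entry and compares its DisplayVersion against the first fixed release, v6.02.06. It assumes the product registers an Uninstall entry whose DisplayName begins with "MDT AutoSave" and whose DisplayVersion is numeric; both are assumptions, so adjust the filter if your installation differs.

```powershell
# Added example, not vendor code. Assumes MDT AutoSave registers an Uninstall
# entry with a DisplayName starting "MDT AutoSave" and a numeric DisplayVersion
# such as "6.02.05"; change $DisplayNameFilter if your installation differs.
function Test-MdtAutoSaveVersion {
    [CmdletBinding()]
    param(
        # First fixed release per the advisory; [version] parses "6.02.06" as 6.2.6
        [version]$FixedVersion = [version]'6.02.06',
        [string]$DisplayNameFilter = 'MDT AutoSave*'
    )

    # Native and 32-bit (WOW6432Node) uninstall hives; the latter is absent on 32-bit hosts
    $uninstallPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $entries = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $DisplayNameFilter }

    if (-not $entries) {
        Write-Warning "No Uninstall entry matching '$DisplayNameFilter'; check the GUI 'About' dialog instead."
        return
    }

    foreach ($entry in $entries) {
        $installed = $null
        $parsed = [version]::TryParse([string]$entry.DisplayVersion, [ref]$installed)

        # An unparseable version is reported for manual follow-up, never silently treated as patched
        if (-not $parsed) {
            $status = 'Unknown - verify manually'
        } elseif ($installed -lt $FixedVersion) {
            $status = 'Vulnerable (CVE-2021-32933)'
        } else {
            $status = 'Patched'
        }

        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            DisplayName    = $entry.DisplayName
            DisplayVersion = $entry.DisplayVersion
            Status         = $status
        }
    }
}

Test-MdtAutoSaveVersion | Format-Table -AutoSize
```

Run it on each MDT AutoSave host, or fan it out with Invoke-Command against a host list, and treat every "Unknown" row as a manual check of the GUI version.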

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads via MDT AutoSave API
  • Unexpected process creation events
  • Command line arguments containing suspicious patterns

Network Indicators:

  • Unusual traffic to MDT AutoSave API endpoints
  • File uploads to industrial control system components

SIEM Query:

source="MDT AutoSave" AND (event="file_upload" OR (event="process_creation" AND (command_line="*cmd*" OR command_line="*powershell*")))

The parentheses matter: in most SIEM query languages AND binds tighter than OR, so the unparenthesised form would drop every file_upload event (they carry no command_line) and would match any process_creation event anywhere whose command line contains "powershell", regardless of source.
