CVE-2021-32945
📋 TL;DR
Per CISA advisory ICSA-21-189-02, an attacker could decipher the encryption used by MDT AutoSave versions prior to v6.02.06 and gain access to the product. The public advisory does not say which data or channel the weak encryption protects, so credentials, configuration and stored backup content should all be treated as potentially exposed. MDT AutoSave is used in industrial control environments for backup and change management of automation programs, so organizations running a vulnerable version in critical infrastructure are particularly at risk.
💻 Affected Systems
- MDT AutoSave, all versions prior to v6.02.06
📦 What is this software?
MDT AutoSave by AUVESY-MDT: change-management and backup software for industrial automation (PLC/ICS) program files.
⚠️ Risk & Real-World Impact
Worst Case
An attacker who recovers the plaintext gains access to MDT AutoSave and to whatever the encryption protected: sensitive ICS backup data, stored credentials, or configuration that opens a path into the operational technology network, lets backup files be manipulated, or disrupts recovery.
Likely Case
Unauthorized access to backup data containing configuration files, process parameters, or system credentials that could be used for further attacks.
If Mitigated
Limited impact with proper network segmentation and access controls, since the attacker first needs to reach the encrypted data. Note that access controls do not fix the weak algorithm itself: anyone who does obtain the ciphertext (for example from an off-host backup copy) can still decrypt it, so backup confidentiality and integrity remain at risk until the patch is applied.
🎯 Exploit Status
Requires access to the encrypted data (the advisory does not state which component holds it or how it is reached). No public exploit code has been identified, but the vulnerability is documented in CISA advisory ICSA-21-189-02.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v6.02.06 and later
Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02
Restart Required: Yes
Instructions:
1. Download MDT AutoSave v6.02.06 or later from official vendor sources.
2. Back up the current configuration and data before upgrading.
3. Install the updated version following the vendor documentation.
4. Restart the system and verify functionality.
🔧 Temporary Workarounds
Restrict Backup File Access
Windows: Limit access to the MDT AutoSave data and backup directories to the AutoSave service account and administrators. Do not simply deny "Everyone": the service account is also a member of Everyone, and a Deny entry outranks its Allow entries, so AutoSave itself would lose access to its own files. Replace the inherited ACL with an explicit allow list instead. The directory path below is a placeholder (the advisory does not document the install layout); substitute the identity AutoSave runs under for <service account>.
Windows: icacls "C:\Program Files\MDT AutoSave\backups" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "<service account>:(OI)(CI)M"
Windows (requires the NTFSSecurity module, not built in): Disable-NTFSAccessInheritance -Path "C:\Program Files\MDT AutoSave\backups" -RemoveInheritedAccessRules; Add-NTFSAccess -Path "C:\Program Files\MDT AutoSave\backups" -Account "NT AUTHORITY\SYSTEM","BUILTIN\Administrators" -AccessRights FullControl; Add-NTFSAccess -Path "C:\Program Files\MDT AutoSave\backups" -Account "<service account>" -AccessRights Modify
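The same allow-list ACL built with only built-in PowerShell (Get-Acl/Set-Acl), as an added example that is not vendor code or part of the advisory. The directory path and the service account name are assumptions; replace them with the real install location and the identity the AutoSave service runs under. Without -Apply the function only previews the resulting entries.

```powershell
# Added example (not vendor code): replace the ACL on the AutoSave data directory with an
# explicit allow list. Path and service account are placeholders; adjust to the real install.
$BackupPath     = 'C:\Program Files\MDT AutoSave\backups'   # assumed location
$ServiceAccount = 'DOMAIN\svc_autosave'                     # assumed service identity

function Set-AutoSaveDirectoryAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ServiceAccount,
        [switch]$Apply   # without -Apply the function only reports what would be set
    )
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None

    $acl = Get-Acl -Path $Path
    # Break inheritance from the parent and discard the inherited entries
    # (second argument $false = do not copy them into explicit entries).
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any pre-existing explicit entries so only the list below remains.
    foreach ($existing in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $null = $acl.RemoveAccessRule($existing)
    }

    $grants = @(
        @{ Account = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }
        @{ Account = 'BUILTIN\Administrators'; Rights = 'FullControl' }
        @{ Account = $ServiceAccount;          Rights = 'Modify' }   # read/write/delete, no ACL changes
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g.Account, $g.Rights, $inherit, $prop, 'Allow')
        $acl.AddAccessRule($rule)
    }

    if ($Apply) { Set-Acl -Path $Path -AclObject $acl }
    # Show the resulting (or proposed) entries for review.
    $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

Set-AutoSaveDirectoryAcl -Path $BackupPath -ServiceAccount $ServiceAccount          # preview
# Set-AutoSaveDirectoryAcl -Path $BackupPath -ServiceAccount $ServiceAccount -Apply # enforce
```

Run the preview first, apply on a test system, then restart the AutoSave service and confirm a backup cycle completes before rolling out. Administrators keep Full Control so the change can be reverted.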
Network Segmentation
All platforms: Isolate MDT AutoSave servers from general network access. Place them in the OT or engineering segment, allow inbound connections only from engineering workstations and the managed devices on the ports AutoSave needs, and block direct reachability from the corporate network.
🧯 If You Can't Patch
- Implement strict access controls to backup directories and files
- Monitor for unauthorized access attempts to backup systems and review access logs regularly
🔍 How to Verify
Check if Vulnerable:
Check MDT AutoSave version in the application interface or installation directory. Versions below 6.02.06 are vulnerable.
Check Version:
Check application 'About' dialog or examine installation directory for version information
Verify Fix Applied:
Confirm the version shown in the application interface is 6.02.06 or higher, then run a normal backup and restore cycle to verify the upgraded installation still works.
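A scripted version check, as an added example that is not vendor code. It reads the installed version from the standard Windows Uninstall registry keys and compares it with 6.02.06; the display-name filter and the assumption that AutoSave registers there are mine, so fall back to the About dialog if nothing is found.

```powershell
# Added example (not vendor code): find the installed MDT AutoSave version and compare it
# with the fixed release 6.02.06. The '*AutoSave*' display-name match is an assumption.
$FixedVersion = [version]'6.02.06'

function Get-AutoSaveInstall {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*AutoSave*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-AutoSaveVulnerable {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # [version] compares numerically, so '6.2.5' and '6.02.05' are treated the same;
    # an unparseable string is reported rather than guessed.
    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) {
        return [pscustomobject]@{ Version = $DisplayVersion; Vulnerable = $null; Note = 'unparseable version string' }
    }
    [pscustomobject]@{ Version = $v; Vulnerable = ($v -lt $FixedVersion); Note = '' }
}

function Get-AutoSaveFileVersions {
    # Cross-check against the file version stamped on the executables in the install directory.
    param([Parameter(Mandatory)][string]$InstallLocation)
    Get-ChildItem -Path $InstallLocation -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
        Select-Object Name, @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }
}

$installs = @(Get-AutoSaveInstall)
if (-not $installs) {
    Write-Warning 'No MDT AutoSave entry found in the Uninstall keys; check the About dialog instead.'
}
foreach ($i in $installs) {
    $result = Test-AutoSaveVulnerable -DisplayVersion $i.DisplayVersion
    "{0}: version {1} -> vulnerable={2} {3}" -f $i.DisplayName, $result.Version, $result.Vulnerable, $result.Note
    if ($i.InstallLocation) { Get-AutoSaveFileVersions -InstallLocation $i.InstallLocation | Format-Table -AutoSize }
}
```

Run it as an administrator on every host that has the AutoSave server or client installed; a result of vulnerable=True means the host is below 6.02.06.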
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to backup directories
- Repeated failed decryption or authentication attempts, if the product's own logs record them (the advisory does not document AutoSave's log format)
- Unusual file access patterns in backup locations
Network Indicators:
- Unexpected network traffic to/from backup systems
- Large data transfers from backup locations
SIEM Query (illustrative; the source and event_type field names depend on how AutoSave and Windows logs are ingested and are not documented in the advisory):
source="MDT AutoSave" AND (event_type="access_denied" OR event_type="failed_decryption")
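Because the product's own log format is undocumented, the most reliable source for the "unauthorized access to backup directories" indicator is Windows object-access auditing on the directory itself. The following is an added example, not vendor code: it puts a SACL on the (assumed) backup directory and then lists Security-log events 4656 (handle requested, which records denied attempts as Audit Failure) and 4663 (object accessed) for any identity other than the expected ones. The directory path and the expected SIDs are assumptions; LocalSystem is S-1-5-18, and the service account's SID must be looked up as shown in the comment.

```powershell
# Added example (not vendor code): audit access to the assumed backup directory and report
# Security-log object-access events from accounts other than the expected ones.
$BackupPath   = 'C:\Program Files\MDT AutoSave\backups'   # assumed location
# Expected accessors by SID. S-1-5-18 is LocalSystem; add the service account's SID, e.g.
# (New-Object System.Security.Principal.NTAccount('DOMAIN\svc_autosave')).Translate([System.Security.Principal.SecurityIdentifier]).Value
$ExpectedSids = @('S-1-5-18')

function Enable-BackupDirectoryAudit {
    param([Parameter(Mandatory)][string]$Path)
    # Object-access events are only generated when the "File System" subcategory is audited:
    #   auditpol /set /subcategory:"File System" /success:enable /failure:enable
    $acl  = Get-Acl -Path $Path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', 'ReadData, WriteData, AppendData, Delete',
        'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-UnexpectedBackupAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$ExpectedSids = @('S-1-5-18'),
        [int]$Hours = 24
    )
    # 4656 = handle requested (denied attempts appear here as Audit Failure), 4663 = object accessed.
    $filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    foreach ($ev in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # Read the named EventData fields from the event XML instead of relying on positional indices.
        $data = @{}
        foreach ($node in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data['ObjectName'] -notlike "$Path*")           { continue }   # not our directory
        if ($ExpectedSids -contains $data['SubjectUserSid'])  { continue }   # known-good identity
        [pscustomobject]@{
            Time       = $ev.TimeCreated
            EventId    = $ev.Id
            Outcome    = if ($ev.KeywordsDisplayNames -contains 'Audit Failure') { 'Failure' } else { 'Success' }
            Account    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            Process    = $data['ProcessName']
            Object     = $data['ObjectName']
            AccessMask = $data['AccessMask']
        }
    }
}

# Enable-BackupDirectoryAudit -Path $BackupPath      # run once, as administrator
Get-UnexpectedBackupAccess -Path $BackupPath -ExpectedSids $ExpectedSids | Format-Table -AutoSize
```

Forward the same 4656/4663 events to the SIEM and alert on Outcome=Failure or on any Process that is not the AutoSave binary; large read volumes from an unexpected account are the "large data transfers from backup locations" indicator above, seen from the host side.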