CVE-2021-33008 – CVE-2021-33008 is an authentication bypass vuln... (How to Fix)

Q: What is the severity of CVE-2021-33008?

CVE-2021-33008 has a CVSS score of 8.8 (HIGH). CVE-2021-33008 is an authentication bypass vulnerability in AVEVA System Platform versions 2017 through 2020 R2 P01. It allows unauthenticated attackers to access functionality that should require user authentication, potentially leading to unauthorized system control. This affects industrial control systems using these AVEVA products.

📋 TL;DR

CVE-2021-33008 is an authentication bypass vulnerability in AVEVA System Platform versions 2017 through 2020 R2 P01. It allows unauthenticated attackers to access functionality that should require user authentication, potentially leading to unauthorized system control. This affects industrial control systems using these AVEVA products.

💻 Affected Systems

Products:

AVEVA System Platform

Versions: 2017 through 2020 R2 P01

Operating Systems: Windows (typically used in industrial environments)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all installations within the version range; no special configuration required for vulnerability.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems, allowing attackers to manipulate critical processes, cause physical damage, disrupt operations, or exfiltrate sensitive industrial data.

🟠

Likely Case

Unauthorized access to system functionality, configuration changes, data theft, and potential disruption of industrial operations.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls are implemented, though authentication bypass remains possible within allowed network zones.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can directly exploit without authentication.

🏢 Internal Only: HIGH - Even internally, lack of authentication allows any network-connected attacker to exploit.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2020 R2 P02 and later

Vendor Advisory: https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf

Restart Required: Yes

Instructions:

1. Download patch from AVEVA support portal. 2. Backup current installation. 3. Apply patch following vendor instructions. 4. Restart system. 5. Verify authentication is now required for all functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate AVEVA System Platform systems from untrusted networks using firewalls and VLANs.

Access Control Lists

all

Implement strict network access controls to limit connections to trusted IP addresses only.

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems
Deploy intrusion detection systems to monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check System Platform version; if between 2017 and 2020 R2 P01 inclusive, system is vulnerable.

Check Version:

Check version in AVEVA System Platform About dialog or installation directory properties.

Verify Fix Applied:

Verify version is 2020 R2 P02 or later, and test that authentication is required for all system functionality.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated access attempts to system functionality
Authentication bypass patterns in application logs

Network Indicators:

Unusual network traffic to AVEVA System Platform ports from unauthorized sources

SIEM Query:

source_ip NOT IN (trusted_ips) AND destination_port IN (AVEVA_ports) AND authentication_status = 'none'

📊 Metadata

CVE ID: CVE-2021-33008

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-306

Published: April 4, 2022

Last Updated: November 21, 2024

🔗 References

https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05 Third Party Advisory,US Government Resource
https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-002.pdf Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-21-180-05 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-33008, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

System Platform by Aveva

System Platform by Aveva

System Platform by Aveva

System Platform by Aveva

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control Lists

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities