CVE-2021-22850
Published: 19 January 2021
Summary
CVE-2021-22850 is a medium-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Hgiga Oaklouds Portal. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks in the top 47.1% of CVEs by exploit likelihood and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-9985
Vulnerability details
The HGiga EIP product lacks effective access control on certain pages, which allows attackers to access the database or perform privileged functions without the authorization those pages should require.
- CWE(s): CWE-732 Incorrect Permission Assignment for Critical Resource
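The weakness described above is the classic "each page checks for itself" pattern: one handler forgets the check and the resource behind it is exposed. The following is an added illustration written for this page, not HGiga's code, and it assumes a hypothetical minimal router (the `Request`, `Response`, `App` names are invented); it shows the per-page opt-in pattern beside a deny-by-default dispatcher that applies authentication and role checks centrally, plus a helper a practitioner can use in a test to list every route that is reachable without authentication.

```python
"""Per-page access checks vs. deny-by-default dispatch (illustrative, not HGiga's code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


@dataclass
class Request:
    path: str
    user: Optional[str] = None                 # None means unauthenticated
    roles: Set[str] = field(default_factory=set)


@dataclass
class Response:
    status: int
    body: str


Handler = Callable[[Request], Response]


# --- Vulnerable pattern: every handler must remember its own check (CWE-732) ---
def vuln_db_query(req: Request) -> Response:
    # Developer forgot the authentication check: the database page is world-readable.
    return Response(200, "rows from database")


def vuln_admin(req: Request) -> Response:
    if req.user is None:
        return Response(401, "login required")
    return Response(200, "admin panel")


VULN_ROUTES: Dict[str, Handler] = {"/db/query": vuln_db_query, "/admin": vuln_admin}


def vulnerable_dispatch(req: Request) -> Response:
    handler = VULN_ROUTES.get(req.path)
    if handler is None:
        return Response(404, "not found")
    return handler(req)           # no central policy: whatever the page does, happens


# --- Hardened pattern: central policy, deny by default, explicit public routes ---
@dataclass
class Route:
    handler: Handler
    public: bool = False          # only routes marked public skip authentication
    roles: Set[str] = field(default_factory=set)   # empty set = any authenticated user


class App:
    def __init__(self) -> None:
        self.routes: Dict[str, Route] = {}

    def route(self, path: str, public: bool = False, roles: Set[str] = frozenset()):
        def decorator(fn: Handler) -> Handler:
            self.routes[path] = Route(fn, public, set(roles))
            return fn
        return decorator

    def dispatch(self, req: Request) -> Response:
        route = self.routes.get(req.path)
        if route is None:
            return Response(404, "not found")
        if route.public:
            return route.handler(req)
        if req.user is None:                       # authentication enforced for every non-public page
            return Response(401, "login required")
        if route.roles and not (route.roles & req.roles):   # authorization enforced centrally
            return Response(403, "forbidden")
        return route.handler(req)

    def unprotected_routes(self) -> List[str]:
        """Check to run in CI: every route reachable without a session must be intentional."""
        return sorted(p for p, r in self.routes.items() if r.public)


app = App()


@app.route("/login", public=True)
def login_page(req: Request) -> Response:
    return Response(200, "login form")


@app.route("/db/query", roles={"admin"})
def db_query(req: Request) -> Response:
    return Response(200, "rows from database")


@app.route("/admin", roles={"admin"})
def admin_page(req: Request) -> Response:
    return Response(200, "admin panel")


if __name__ == "__main__":
    anon = Request("/db/query")
    print("vulnerable:", vulnerable_dispatch(anon).status)   # 200: database exposed
    print("hardened:  ", app.dispatch(anon).status)          # 401: denied by default
    print("public routes:", app.unprotected_routes())        # ['/login']
```

The point of `unprotected_routes()` is that the allow-list of public pages becomes a reviewable artifact: a new page added without a policy annotation is denied by the dispatcher rather than silently exposed, which is exactly the failure mode the CVE description reports.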
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- The assessment process confirms that authentication is present and effective for critical functions, preventing exploitation through missing authentication.
- Certification assesses that critical functions have the required authentication controls in place.
- Disabling non-essential functions and services eliminates the need to secure them, reducing exposure from missing authentication on unnecessary components.
- The shutoff is a critical function, and the control ensures it cannot be activated without proper (physical) authentication.
- Requires verification of individual access authorizations before granting facility entry, addressing missing authentication for critical physical access.
- Implements authentication steps (ID checks, sign-in, escort verification) for physical access to critical functions or locations.
- Tailoring actions include assigning or restricting permissions on critical resources to the minimum necessary for the system's purpose and threat environment.
- Protection planning for critical infrastructure directly calls for authentication of access to essential functions before any operation is permitted.