CVE-2021-26726

Summary

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.

Affected Software

VendorProductVersion RangeStatus
Valmet DNAValmet DNACollection 2012 < Collection 2021affected

Weaknesses

  • CWE-305: CWE-305 Authentication Bypass by Primary Weakness
  • CWE-209: CWE-209 Information Exposure Through an Error Message
  • CWE-272: CWE-272 Least Privilege Violation
  • CWE-78: CWE-78 OS Command Injection

Workarounds

Use Valmet DNA Firewall feature to limit access to TCP port 1517

ADP Enrichment

CVE Program Container

Additional References

References