This is not the latest report. Click
here to view the latest report.
CVSS v3.1 Statistics for ICS-CERT as of 12/28/2021
160
320
40
281
Reference
0-69.9%
|
Contributor |
87.8
Contributor
70-94.9%
Provider
95-100%
CVE | CNA Value | Alignment | NIST Value | Reason |
---|---|---|---|---|
CVE-2020-10627 (5 of 8) | Attack Vector (AV) Local | ≠ | Attack Vector (AV) Adjacent Network | Bluetooth, 800.11 or limitation to local logical network communications identified |
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) Low | ≠ | Confidentiality (C) High | No limiting factors for confidentiality listed | |
Integrity (I) High | Integrity (I) High | |||
Availability (A) Low | ≠ | Availability (A) None | No availability impacts identified | |
CVE-2021-26248 (7 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | ≠ | Privileges Required (PR) Low | Local attacker typically implies some privilege level needed | |
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-26262 (7 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | ≠ | Privileges Required (PR) Low | Local attacker typically implies some privilege level needed | |
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-32951 (8 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-38401 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38403 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | Privileges Required (PR) High | |||
User Interaction (UI) None | ≠ | User Interaction (UI) Required | Internet browsing, Link clicking and/or file interaction identified | |
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-38407 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | Privileges Required (PR) High | |||
User Interaction (UI) None | ≠ | User Interaction (UI) Required | Internet browsing, Link clicking and/or file interaction identified | |
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-38409 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38411 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | Privileges Required (PR) High | |||
User Interaction (UI) None | ≠ | User Interaction (UI) Required | Internet browsing, Link clicking and/or file interaction identified | |
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-38413 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38415 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38416 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38418 (4 of 8) | Attack Vector (AV) Adjacent Network | ≠ | Attack Vector (AV) Network | Applied AV:N due to network vector identified |
Attack Complexity (AC) Low | ≠ | Attack Complexity (AC) High | MiTM scenario identified | |
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | ≠ | Integrity (I) None | No integrity impacts identified | |
Availability (A) High | ≠ | Availability (A) None | No availability impacts identified | |
CVE-2021-38419 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38420 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38421 (7 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | ≠ | Integrity (I) None | No limiting factors for integrity listed | |
Availability (A) High | Availability (A) High | |||
CVE-2021-38422 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38424 (2 of 8) | Attack Vector (AV) Network | ≠ | Attack Vector (AV) Local | AV:L due to file parsed local to vulnerable component |
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | ≠ | Privileges Required (PR) None | No privileges needed by attacker identified by NVD analyst | |
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Changed | ≠ | Scope (S) Unchanged | Unclear if Scope change occurs. No identification of security boundaries being crossed. | |
Confidentiality (C) Low | ≠ | Confidentiality (C) High | No limiting factors for confidentiality listed | |
Integrity (I) Low | ≠ | Integrity (I) High | No limiting factors for integrity listed | |
Availability (A) Low | ≠ | Availability (A) High | No limiting factors for availability listed | |
CVE-2021-38428 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | Privileges Required (PR) High | |||
User Interaction (UI) None | ≠ | User Interaction (UI) Required | Internet browsing, Link clicking and/or file interaction identified | |
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-38448 (7 of 8) | Attack Vector (AV) Physical | Attack Vector (AV) Physical | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) Low | ≠ | Confidentiality (C) High | No limiting factors for confidentiality listed | |
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38471 (8 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) None | Confidentiality (C) None | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-38488 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | Privileges Required (PR) High | |||
User Interaction (UI) None | ≠ | User Interaction (UI) Required | Internet browsing, Link clicking and/or file interaction identified | |
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-42543 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-42698 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-42699 (5 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | ≠ | Attack Complexity (AC) High | MiTM scenario identified | |
Privileges Required (PR) Low | ≠ | Privileges Required (PR) None | No privileges needed by attacker identified by NVD analyst | |
User Interaction (UI) Required | ≠ | User Interaction (UI) None | User Interaction not identified | |
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-42701 (5 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | ≠ | Attack Complexity (AC) High | MiTM scenario identified | |
Privileges Required (PR) Low | ≠ | Privileges Required (PR) None | No privileges needed by attacker identified by NVD analyst | |
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) None | ≠ | Confidentiality (C) High | Information leaked is sensitive such as passwords or other vital secrets | |
Integrity (I) High | Integrity (I) High | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-42703 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | ≠ | Scope (S) Changed | Security boundary cross identified | |
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-42705 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-42706 (6 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | ≠ | Privileges Required (PR) Low | Local attacker typically implies some privilege level needed | |
User Interaction (UI) Required | ≠ | User Interaction (UI) None | Local attack, attacker does not need to rely on user interaction | |
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-42707 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-42744 (7 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | ≠ | Privileges Required (PR) Low | Local attacker typically implies some privilege level needed | |
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-43549 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) High | Privileges Required (PR) High | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) High | ≠ | Confidentiality (C) Low | Information leaked appears non-critical/sensitive | |
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-43551 (6 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) High | ≠ | Attack Complexity (AC) Low | No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst | |
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Changed | Scope (S) Changed | |||
Confidentiality (C) High | ≠ | Confidentiality (C) Low | Information leaked appears non-critical/sensitive | |
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-43553 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) High | ≠ | Attack Complexity (AC) Low | No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst | |
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2021-43555 (7 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) Low | ≠ | Confidentiality (C) High | No limiting factors for confidentiality listed | |
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-43931 (8 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-43935 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) High | ≠ | Attack Complexity (AC) Low | No Race Condition, implementation specific secrets required or MiTM identified for NVD analyst | |
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-43936 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Changed | ≠ | Scope (S) Unchanged | Unclear if Scope change occurs. No identification of security boundaries being crossed. | |
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-43982 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2021-43983 (8 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High |