Lack of protection against brute force attacks
An arbitrary number of login attempts can be made via the Valmet DNA operator user interface without the user being blocked.
CVSS v4.0 Score
The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.
A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system. The availability to operate should always be evaluated according industry best practices.
The new version is available from Valmet Automation Customer Service.
User passwords in plain text
Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks.
CVSS v4.0 Score
This practice poses a security risk as attackers who gain access to local project data can read the passwords.
A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system.
The solution is available from Valmet Automation Customer Service.
Local privilege escalation through insecure DCOM configuration
It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object.
CVSS v4.0 Score
The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
The new version of Valmet DNA is now available through Valmet Automation Customer Service and should be implemented immediately.
