Home / Early Warning / Ics Advisories / SITEL CAP/PRX vulnerable to a denial of service attack

SITEL CAP/PRX vulnerable to a denial of service attack

Publication date: 
3 - Media
Affected resources: 

CAP/PRX firmware version 5.2.01.


INCIBE has coordinated the publication of a vulnerability in the SITEL CAP/PRX device, with the internal code INCIBE-2021-0180, which has been discovered by the Industrial Cybersecurity team of S21sec, special mention to Aarón Flecha Menéndez and Luis Martín Liras, as an independent researcher.

CVE-2021-32455 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H.


The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform.


The CAP/PRX remote from SITEL is vulnerable to suffer a Denial of Service condition by sending HTTP requests massively. Since the device does not properly close these connections, after a period of time the embedded web server suffers a denial of service.

This vulnerability has been corrected in the affected products through SITEL's continuous improvement processes.

CWE-400: Uncontrolled Resource Consumption.


11/08/2017 – Researchers disclosure.
02/10/2020 – Researchers contact with INCIBE.
08/02/2021 – SITEL confirms the vulnerability to INCIBE and the publication of the corrective version and the new software version (security patch).
13/05/20201 – INCIBE publishes the advisory.

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración