CVE-2021-32928
Thales Sentinel Runtime vulnerability analysis and mitigation

Overview

Sentinel LDK Run-Time Environment (RTE) installer versions 7.6 and prior contain a vulnerability identified as CVE-2021-32928. The vulnerability was discovered and disclosed in June 2021 and affects systems with the Sentinel License Manager firewall rule. It impacts multiple vendors' products that use the Thales Sentinel LDK Run-Time Environment (CISA Advisory).

Technical details

The vulnerability stems from an incomplete cleanup process during software uninstallation. The run-time environment installer adds a firewall rule named 'Sentinel License Manager' that allows incoming connections from private networks on TCP Port 1947. When the software is uninstalled, the uninstaller fails to close Port 1947, leaving it exposed. The vulnerability has been assigned a CVSS v3 base score of 9.6 with the vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating critical severity (CISA Advisory).

Impact

The vulnerability leaves TCP Port 1947 open after uninstallation, potentially allowing attackers to connect to affected systems. This exposure could lead to unauthorized access to systems that previously had the Sentinel LDK Run-Time Environment installed and then uninstalled (CISA Advisory).

Mitigation and workarounds

Thales recommends upgrading to RTE Version 8.15 or later. For systems where uninstallation is necessary with affected versions, users should select the 'purge option' during uninstallation, which removes the Sentinel License Manager and closes the port. For already affected systems, administrators should ensure TCP Port 1947 is closed and implement appropriate IDS/IPS measures against this port. Additionally, CISA recommends minimizing network exposure for all control system devices and ensuring they are not accessible from the Internet (CISA Advisory).
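
One way to check a Windows host for the leftover rule described above, as an added example that is not from Thales or the CISA advisory. It assumes the rule's display name is exactly 'Sentinel License Manager' as quoted on this page; the -Remove switch is a hypothetical parameter of this script.

```powershell
# Added example (not from the advisory): audit a Windows host for the inbound
# rule left behind after Sentinel LDK RTE uninstallation. Read-only unless -Remove.
param(
    [switch]$Remove   # hypothetical switch of this script: delete orphaned rules
)

$RuleName = 'Sentinel License Manager'   # rule name given in the advisory text
$Port     = 1947                          # TCP port the rule opens

# Is anything still listening on the port? No listener + allow rule = orphaned rule.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue

# Match enabled inbound allow rules by display name (assumed to equal the rule
# name above) or by an exact LocalPort entry of 1947; port ranges are not expanded.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $filter = $rule | Get-NetFirewallPortFilter
    $byName = $rule.DisplayName -eq $RuleName
    $byPort = ($filter.Protocol -eq 'TCP') -and ($filter.LocalPort -contains "$Port")
    if ($byName -or $byPort) {
        [pscustomobject]@{
            Name        = $rule.Name
            DisplayName = $rule.DisplayName
            Profile     = $rule.Profile
            LocalPort   = $filter.LocalPort -join ','
            Listening   = [bool]$listener
            Orphaned    = $byName -and -not $listener
        }
    }
}

if (-not $findings) {
    Write-Output "No enabled inbound allow rule for TCP $Port found."
    return
}
$findings | Format-Table -AutoSize

# Only rules matched by name with no listener behind them are treated as orphaned.
if ($Remove) {
    foreach ($f in $findings | Where-Object Orphaned) {
        Remove-NetFirewallRule -Name $f.Name
        Write-Output "Removed orphaned rule '$($f.DisplayName)' ($($f.Name))."
    }
}
```

Run it from an elevated PowerShell session; a rule reported with Listening set to True still has a service behind it, so upgrade or purge-uninstall the RTE rather than deleting the rule alone.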

This report was generated using AI
