10
CVE-2021-43936
- EPSS 35.8%
- Veröffentlicht 06.12.2021 18:15:08
- Zuletzt bearbeitet 21.11.2024 06:30:02
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDistributed Data Systems WebHM
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webhmi ≫ Webhmi Firmware Version < 4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 35.8% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| ics-cert@hq.dhs.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03
http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html