CVE-2021-45420

Exploit

EPSS 78.7%
Published 14.02.2022 14:15:08
Last modified 21.11.2024 06:32:11
Source cve@mitre.org
Teams watchlist Login
Open Login

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced

Affected products Warnungen 0 Metrics 3 CWE 3 References 6

Data is provided by the National Vulnerability Database (NVD)

Emerson ≫ Dixell Xweb-500 Firmware Version-

Emerson ≫ Dixell Xweb-500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	78.7%	0.99

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

http://dixell.com

Product

http://emerson.com

Vendor Advisory

https://www.swascan.com/emerson

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-45420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45420

EUVD