CVE-2021-43936

Sažetak

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03
http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-04-2022 - 18:06

Objavljeno

06-12-2021 - 18:15