CVE-2021-42540

Summary

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

Affected Software

VendorProductVersion RangeStatus
EmersonWirelessHART Gateway1410 <= 4.7.94affected
EmersonWirelessHART Gateway1410D <= 4.7.94affected
EmersonWirelessHART Gateway1420 <= 4.7.94affected

Weaknesses

  • CWE-123: CWE-123 Write-what-where Condition

ADP Enrichment

CVE Program Container

Additional References

References