CVE-2021-43936
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Distributed Data Systems | WebHMI | 4.1 < 4.1 | affected |
Weaknesses
- Unrestricted Upload of File with Dangerous Type
Workarounds
Distributed Data Systems recommends upgrading the platform software to the latest release, Version 4.1
ADP Enrichment
CVE Program Container
Additional References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03
- http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03
- http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.