返回 CVE 浏览器

CVE-2021-43936

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1080%

EPSS Percentile28.47th

Published2021年12月6日

Last Modified2024年11月21日

Vulnerability Description

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.

Affected Platforms (CPE)

💻

Webhmi

Webhmi Firmware

< 4.1

References & Advisories

🔗 http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html

🔗 https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

🔗 http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html

🔗 https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

相关漏洞威胁

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...

CVE-2021-2124410.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server sid...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-2124210.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-a...