返回 CVE 瀏覽器

CVE-2021-43936

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1080%

EPSS Percentile28.47th

Published2021年12月6日

Last Modified2024年11月21日

Vulnerability Description

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.

Affected Platforms (CPE)

💻

Webhmi

Webhmi Firmware

< 4.1

References & Advisories

🔗 http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html

🔗 https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

🔗 http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html

🔗 https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

相關漏洞威脅

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-2132210.0

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By c...