CVE-2021-43936

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
References
Link Resource
http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 Patch Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:webhmi:webhmi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:webhmi:webhmi:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:30

Type Values Removed Values Added
CVSS v2 : 10.0
v3 : 9.8
v2 : 10.0
v3 : 10.0
References () http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 - Patch, Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 - Patch, Third Party Advisory, US Government Resource

12 Apr 2022, 18:06

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

13 Dec 2021, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html -

07 Dec 2021, 01:32

Type Values Removed Values Added
References (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 - (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 - Patch, Third Party Advisory, US Government Resource
CPE cpe:2.3:o:webhmi:webhmi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:webhmi:webhmi:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8
CWE CWE-434

06 Dec 2021, 18:21

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-06 18:15

Updated : 2024-11-21 06:30


NVD link : CVE-2021-43936

Mitre link : CVE-2021-43936

CVE.ORG link : CVE-2021-43936


JSON object : View

Products Affected

webhmi

  • webhmi
  • webhmi_firmware
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type