← Back to CVEs
CVE-2021-43555
HIGH7.3
Description
mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.
CVE Details
CVSS v3.1 Score7.3
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published11/19/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
myscada:mydesigner
Weaknesses (CWE)
CWE-23CWE-22
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-04(ics-cert@hq.dhs.gov)
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-04(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.