← Back to CVEs
CVE-2021-45420
CRITICAL9.8
Description
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/14/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
emerson:dixell_xweb-500emerson:dixell_xweb-500_firmware
Weaknesses (CWE)
CWE-200CWE-306CWE-668
References
http://dixell.com(cve@mitre.org)
http://emerson.com(cve@mitre.org)
https://www.swascan.com/emerson(cve@mitre.org)
http://dixell.com(af854a3a-2127-422b-91ae-364da2661108)
http://emerson.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.swascan.com/emerson(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.