CVE-2021-43555 Vulnerability Details

  /     /     /  

CVE-2021-43555 Metadata Quick Info

CVE Published: 19/11/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: icscert | Vendor: mySCADA | Product: myDESIGNER
Status : PUBLISHED

---

CVE-2021-43555 Description

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.

Metrics

CVSS Version: 3.1 | Base Score: 7.3 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-23
CWE Name: CWE-23 Relative Path Traversal
Source: mySCADA

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).