Vulnerability Description
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emerson | Wireless 1410 Gateway Firmware | < 4.7.94 |
| Emerson | Wireless 1410 Gateway | All versions |
| Emerson | Wireless 1410D Gateway Firmware | < 4.7.94 |
| Emerson | Wireless 1410D Gateway | All versions |
| Emerson | Wireless 1420 Gateway Firmware | < 4.7.94 |
| Emerson | Wireless 1420 Gateway | - |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02PatchThird Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-38485?
CVE-2021-38485 is a vulnerability with a CVSS score of 8.0 (HIGH). The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
How severe is CVE-2021-38485?
CVE-2021-38485 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38485?
Check the references section above for vendor advisories and patch information. Affected products include: Emerson Wireless 1410 Gateway Firmware, Emerson Wireless 1410 Gateway, Emerson Wireless 1410D Gateway Firmware, Emerson Wireless 1410D Gateway, Emerson Wireless 1420 Gateway Firmware.