Vulnerability Description
Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. The web application fails to sanitize user input on the Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device, which are executed once the data is received.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rittal | Cmc Pu Iii 7030.000 Firmware | >= 3.11.00_2, < 3.17.10 |
| Rittal | Cmc Pu Iii 7030.000 | 3.00 |
Related Weaknesses (CWE)
References
- https://github.com/asang17/CVE-2021-RCEExploit (Third Party Advisory)
FAQ
What is CVE-2021-40222?
CVE-2021-40222 is a vulnerability with a CVSS score of 7.2 (HIGH). Rittal CMC PU III Web management (version affected: V3.11.00_2; version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse s...
How severe is CVE-2021-40222?
CVE-2021-40222 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40222?
Check the references section above for vendor advisories and patch information. Affected products include: Rittal Cmc Pu Iii 7030.000 Firmware, Rittal Cmc Pu Iii 7030.000.