Vulnerability Description
The software allows an attacker to upload or transfer files of dangerous types to the WebHMI portal; these files may be automatically processed within the product's environment or lead to arbitrary code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webhmi | Webhmi Firmware | < 4.1 |
| Webhmi | Webhmi | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.htm (Exploit, Third Party Advisory, VDB Entry)
- https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03 (Patch, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2021-43936?
CVE-2021-43936 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The software allows an attacker to upload or transfer files of dangerous types to the WebHMI portal; these files may be automatically processed within the product's environment or lead to arbitrary code exe...
How severe is CVE-2021-43936?
CVE-2021-43936 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-43936?
Check the references section above for vendor advisories and patch information. Affected products include: Webhmi Webhmi Firmware, Webhmi Webhmi.