CRITICAL🇬🇧 English

CVE-2021-45427

CVSS 9.8v3.1pub. 2021-12-30upd. 2024-11-21

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Emerson Xweb300d Evo

    HW
    Emerson
    wszystkie wersje
  • Emerson Xweb300d Evo Firmware

    OS
    Emerson
    3.0.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2023-46687CRITICAL9.8PL ✓ten sam vendor

Emerson Rosemount GC370XA/GC700XA/GC1500XA — zdalne RCE jako root bez uwierzytelnienia

CVE-2023-1935CRITICAL9.4ten sam vendor

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain un...

CVE-2022-30264CRITICAL9.8ten sam vendor

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They ...

CVE-2020-10640CRITICAL10.0ten sam vendor

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system p...

CVE-2021-45420CRITICAL9.8ten sam vendor

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upl...