← back
CVE-2021-42022

CVE-2021-42022

EPSS 0.9%CWE-22
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default.
Affected products
Siemens · SIMATIC eaSie PCS 7 Skill Package

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf