CVE-2021-43936
Distributed Data Systems WebHM
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 10EPSS 35.8%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
06 Dec 2021Published on NVD
12 Dec 2021Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Distributed Data Systems · WebHMIpublic PoCs found — 3
githubgithub.com/LongWayHomie/CVE-2021-43936★ 9cve_referencepacketstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50589unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.