← back
CVE-2021-43936

Distributed Data Systems WebHM

CVSS 10 CRITICALEPSS 35.8%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 10EPSS 35.8%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
06 Dec 2021Published on NVD
12 Dec 2021Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.