CVE-2021-43555
Published 2021-11-19
CVE-2021-43555: mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path…
Priority P3 · 56 · high · 7.8 · CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 37.99% (98.4th percentile)
mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mydesigner | <= 8.20.0 | — |
| myscada | mydesigner | All – 8.20.0 | — |
CVSS provenance
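| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |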
CISA ICS
mySCADA myDESIGNER
cisa_ics·2021-11-10·CVSS 7.3
[HIGH] mySCADA myDESIGNER
ICS Advisory
## mySCADA myDESIGNER
Last Revised: November 10, 2021
Alert Code: ICSA-21-313-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.3
- ATTENTION: Low attack complexity
- Vendor: mySCADA
- Equipment: myDESIGNER
- Vulnerability: Relative Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow for remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of mySCADA myDESIGNER project creation software are affected:
- myDESIGNER: Versions 8.20.0 and prior
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 RELATIVE PATH TRAVERSAL
GHSA
GHSA-hq87-gpw4-cg65: mySCADA myDESIGNER Versions 8
ghsa_unreviewed·2022-05-24
CVE-2021-43555 [HIGH] CWE-22 GHSA-hq87-gpw4-cg65: mySCADA myDESIGNER Versions 8
mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-19