← back
CVE-2021-43936

Distributed Data Systems WebHM

CVSS 10 CRITICALEPSS 35.8%
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Distributed Data Systems · WebHMI
public PoCs found3
githubgithub.com/LongWayHomie/CVE-2021-439369cve_referencepacketstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50589unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.htmlhttps://us-cert.cisa.gov/ics/advisories/icsa-21-336-03