Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-05513
HistoryDec 04, 2021 - 12:00 a.m.

Distributed Data Systems WebHMI File Upload Vulnerability

2021-12-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems of Ukraine. It is used to monitor and control any automation system on the local network and over the Internet via computers and mobile devices.A file upload vulnerability exists in Distributed Data Systems WebHMI, which stems from the product’s failure to validate the type of files uploaded, and can be exploited by attackers to cause arbitrary code execution by uploading dangerous files.

CPENameOperatorVersion
distributed data systems webhmilt4.1

Related

zdt 1
prion 1
packetstorm 1
cve 1
githubexploit 1
exploitdb 1
ics 1
checkpoint_advisories 1
zdt
zdt
WebHMI 4.0 - Remote Code Execution Exploit
2021-12-13 00:00:00
prion
prion
Code injection
2021-12-06 18:15:00
packetstorm
packetstorm
WebHMI 4.0 Remote Code Execution
2021-12-13 00:00:00
cve
cve
CVE-2021-43936
2021-12-06 18:15:00
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Webhmi Webhmi Firmware
2021-12-12 22:31:00
exploitdb
exploitdb
WebHMI 4.0 - Remote Code Execution (RCE) (Authenticated)
2021-12-13 00:00:00
ics
ics
Distributed Data Systems WebHMI
2021-12-02 12:00:00
checkpoint_advisories
checkpoint_advisories
Command Injection Over HTTP (CVE-2019-9166; CVE-2021-43936; CVE-2022-1813; CVE-2022-24086; CVE-2022-24193; CVE-2022-26536; CVE-2022-32092; CVE-2022-37810; CVE-2022-40048)
2016-07-26 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for CNVD-2022-05513
zdt1prion1packetstorm1cve1githubexploit1exploitdb1ics1checkpoint_advisories1