10 matches found
EUVD-2021-30793
Malicious code in bioql PyPI...
CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
VulnCheck KEV: CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43931
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
Authentication flaw
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
Code injection
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43936
The CVE-2021-43936 issue affects WebHMI firmware versions prior to 4.1, enabling an Unrestricted Upload of File with Dangerous Type that can lead to arbitrary code execution. ExploitDB documents a WebHMI 4.0 RCE path requiring authentication, where an uploaded PHP payload and a reverse-shell work...