Lucene search
K

19 matches found

Nuclei
Nuclei
added yesterday17 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.3AI score0.22138EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:9 p.m.6 views

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

10CVSS8.1AI score0.22138EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.5 views

The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 allows a intruder to execute arbitrary code.

The vulnerability of the server for computer control and monitoring of refrigeration equipment from Emerson Dixell XWEB-500 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS7.4AI score0.22138EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.6 views

The vulnerability of the server for computer control and monitoring systems of Emerson Dixell XWEB-500 allows a intruder to disclose protected information.

The vulnerability of the server used for computer control and monitoring of Emerson Dixell XWEB-500 relates to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...

7.8CVSS7AI score0.01592EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

10CVSS7.4AI score0.22138EPSS
Exploits1References1
Check Point Advisories
Check Point Advisories
added 2022/06/13 12:0 a.m.9 views

Emerson Dixell Arbitrary File Write (CVE-2021-45420)

An arbitrary file write vulnerability exists in Emerson Dixell. Successful exploitation of this vulnerability could result in denial of service and potentially code execution on the affected system...

10CVSS5.8AI score0.22138EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/02/14 2:15 p.m.2 views

CVE-2021-45421

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...

7.5CVSS7.1AI score0.01592EPSS
Exploits1References4
NVD
NVD
added 2022/02/14 2:15 p.m.28 views

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

10CVSS0.22138EPSS
Exploits1References3
NVD
NVD
added 2022/02/14 2:15 p.m.19 views

CVE-2021-45421

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...

7.5CVSS0.01592EPSS
Exploits1References3
Prion
Prion
added 2022/02/14 2:15 p.m.13 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication...

10CVSS9.7AI score0.22138EPSS
Exploits1References3
Prion
Prion
added 2022/02/14 2:15 p.m.21 views

Information disclosure

UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed ...

5CVSS7.3AI score0.01592EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/14 1:8 p.m.38 views

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

10AI score0.22138EPSS
Exploits1References1
CVE
CVE
added 2022/02/14 1:8 p.m.102 views

CVE-2021-45420

Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...

10CVSS7.5AI score0.22138EPSS
In wildExploits1References3Affected Software1
Cvelist
Cvelist
added 2022/02/14 1:8 p.m.56 views

CVE-2021-45421

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...

7.5AI score0.01592EPSS
Exploits1References1
CVE
CVE
added 2022/02/14 1:8 p.m.98 views

CVE-2021-45421

Summary (CVE-2021-45421): Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A misconfiguration in the embedded web server allows an attacker to access files in remote directories. The affected device is described as no longer supported since 2018 and s...

7.5CVSS7AI score0.01592EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/14 12:0 a.m.5 views

PT-2022-7246 · Emerson · Emerson Dixell Xweb-500

Name of the Vulnerable Software and Affected Versions: Emerson Dixell XWEB-500 affected versions not specified Description: The issue is related to information disclosure via directory listing, allowing a potential attacker to access all files in remote directories. This is due to a...

7.8CVSS6.9AI score0.01592EPSS
Exploits1References7
0day.today
0day.today
added 2022/01/06 12:0 a.m.324 views

Dixell XWEB 500 - Arbitrary File Write Vulnerability

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/05 12:0 a.m.242 views

Dixell XWEB 500 Arbitrary File Write

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.284 views

Dixell XWEB 500 - Arbitrary File Write

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...

7.4AI score
Exploits0
Rows per page
Query Builder