CVE-2021-45427

Опубликовано: 30 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.

Ссылки

https://drive.google.com/file/d/1IN7p9OKRgdszMVC1TKuZQDa4ySCPmQzO/view?usp=sharing
Third Party Advisory
https://drive.google.com/file/d/1RegGlCrtyQwW9DUirAbPDiIHKBWgsBea/view?usp=sharing
Third Party Advisory
https://drive.google.com/file/d/1iusYdheb62dom0DnvAzEiNR-e4EXSf2k/view?usp=sharing
Exploit
Third Party Advisory
https://drive.google.com/file/d/1IN7p9OKRgdszMVC1TKuZQDa4ySCPmQzO/view?usp=sharing
Third Party Advisory
https://drive.google.com/file/d/1RegGlCrtyQwW9DUirAbPDiIHKBWgsBea/view?usp=sharing
Third Party Advisory
https://drive.google.com/file/d/1iusYdheb62dom0DnvAzEiNR-e4EXSf2k/view?usp=sharing
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:emerson:xweb300d_evo_firmware:3.0.7:3ee403:*:*:*:*:*:*

cpe:2.3:h:emerson:xweb300d_evo:-:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.0225

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-6crc-x5g7-hpmc

github

около 4 лет назад