Lucene search
IcscertCVELIST:CVE-2021-43930HistoryApr 28, 2022 - 2:53 p.m.
CVE-2021-43930 Elcomplus SmartPtt Path Traversal
2022-04-2814:53:29
CWE-22
icscert
www.cve.org
3
elcomplus smartptt
path traversal
cve-2021-43930
security vulnerability
download requests
path traversal attacks
arbitrary files
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
28.7%
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.
CNA Affected
[
{
"product": "SmartPTT",
"vendor": "Elcomplus",
"versions": [
{
"status": "affected",
"version": "1.1"
}
]
}
]Related
prion
prion
Path traversal
2022-04-28 15:15:00
nvd
nvd
CVE-2021-43930
2022-04-28 15:15:08
cve
cve
CVE-2021-43930
2022-04-28 15:15:08
ics
ics
Elcomplus SmartPTT SCADA
2022-04-25 12:00:00
Elcomplus SmartPTT SCADA Server
2022-04-25 12:00:00
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
28.7%
Related for CVELIST:CVE-2021-43930