cvelist | Icscert | CVELIST:CVE-2021-43934
History: Apr 28, 2022 - 2:54 p.m.

CVE-2021-43934 Elcomplus SmartPtt Unrestricted Upload of File with Dangerous Type

2022-04-28 14:54:20
CWE-434
icscert
www.cve.org
cve-2021-43934
elcomplus smartptt
unrestricted upload
dangerous file type
security vulnerability

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.002
Percentile: 57.0%

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files.

CNA Affected

[
  {
    "product": "SmartPTT",
    "vendor": "Elcomplus",
    "versions": [
      {
        "status": "affected",
        "version": "1.1"
      }
    ]
  }
]
