CVE-2021-43555

mySCADA myDESIGNER

Description

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.

Remediation

Solution:

mySCADA recommends users apply update v8.22.0 or later. Upgrade note: RFID card access has been redesigned. If a user uses an RFID card to login, the user will need to re-enter the password for all RFID users in the project after the update is applied.

References

Link	Tags
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-04	us government resource third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2021-43555?: CVE-2021-43555 has been scored as a high severity vulnerability.
How to fix CVE-2021-43555?: To fix CVE-2021-43555: mySCADA recommends users apply update v8.22.0 or later. Upgrade note: RFID card access has been redesigned. If a user uses an RFID card to login, the user will need to re-enter the password for all RFID users in the project after the update is applied.
Is CVE-2021-43555 being actively exploited in the wild?: It is possible that CVE-2021-43555 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-43555?: CVE-2021-43555 affects mySCADA myDESIGNER.

Description

Remediation

Categories

CWE-23 – Relative Path Traversal

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions