{"containers":{"cna":{"affected":[{"product":"WebHMI","vendor":"Distributed Data Systems","versions":[{"lessThan":"4.1","status":"affected","version":"4.1","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Marcin Dudek of CERT.PL reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","value":"The software allows an attacker to upload or transfer files of dangerous types to the WebHMI portal, which may be automatically processed within the product's environment or lead to arbitrary code execution."}],"exploits":[{"lang":"en","value":"None"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Unrestricted Upload of File with Dangerous Type","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-12-13T16:06:24.000Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"tags":["x_refsource_MISC"],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html"}],"source":{"advisory":"ICSA-21-336-03","defect":["CWE-434"],"discovery":"EXTERNAL"},"title":"Distributed Data Systems WebHMI","workarounds":[{"lang":"en","value":"Distributed Data Systems recommends upgrading the platform software to the latest release, Version 4.1."}],"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2021-43936","STATE":"PUBLIC","TITLE":"Distributed Data Systems WebHMI"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"WebHMI","version":{"version_data":[{"version_affected":"<","version_name":"4.1","version_value":"4.1"}]}}]},"vendor_name":"Distributed Data Systems"}]}},"credit":[{"lang":"eng","value":"Marcin Dudek of CERT.PL reported these vulnerabilities to CISA."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The software allows an attacker to upload or transfer files of dangerous types to the WebHMI portal, which may be automatically processed within the product's environment or lead to arbitrary code execution."}]},"exploit":[{"lang":"en","value":"None"}],"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Unrestricted Upload of File with Dangerous Type"}]}]},"references":{"reference_data":[{"name":"https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03","refsource":"MISC","url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03"},{"name":"http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html"}]},"source":{"advisory":"ICSA-21-336-03","defect":["CWE-434"],"discovery":"EXTERNAL"},"work_around":[{"lang":"en","value":"Distributed Data Systems recommends upgrading the platform software to the latest release, Version 4.1."}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T04:10:16.987Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2021-43936","datePublished":"2021-12-06T17:39:24.000Z","dateReserved":"2021-11-16T00:00:00.000Z","dateUpdated":"2024-08-04T04:10:16.987Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}