CVE-2021-43555 HIGH

CVE-2021-43555: mySCADA myDESIGNER

Vendor Myscada

Product myDESIGNER

Weakness CWE-23

Published November 19, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.

Key dates

02Disclosure timeline

November 19, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-43555 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

CVE-2021-43555: mySCADA myDESIGNER

01Description

02Disclosure timeline

03References

04Related CVE