CVE-2021-43938 HIGH

CVE-2021-43938: Elcomplus SmartPTT SCADA Server Information Exposure

Vendor Elcomplus

Product SmartPTT SCADA Server

Weakness CWE-200 · Info exposure

Published April 29, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization.

Key dates

02Disclosure timeline

April 29, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-43938 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2021-43938: Elcomplus SmartPTT SCADA Server Information Exposure

01Description

02Disclosure timeline

03References

04Related CVE