mySCADA myDESIGNER
CVE-2021-43555

7.3HIGH

Key Information:

Vendor: Myscada
Status: Mydesigner
Vendor: CVE Published:; 19 November 2021

What is CVE-2021-43555?

mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.

Affected Version(s)

myDESIGNER All <= 8.20.0

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-313-04

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2021
Vulnerability Reserved
Nov 8, 2021

Myscada

What is CVE-2021-43555?

Affected Version(s)

References

CVSS V3.1

Timeline