CVE-2021-45420
high-risk
Published 2022-02-14
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
Do I need to act?
!
82.3% chance of exploitation in next 30 days
EPSS score — higher than 18% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Product
http://dixell.com
Vendor Advisory
http://emerson.com
Exploit
https://www.swascan.com/emerson
Product
http://dixell.com
Vendor Advisory
http://emerson.com
Exploit
https://www.swascan.com/emerson
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
20/34 · Moderate
Exposure
5/34 · Minimal