CVE-2021-45421
moderate-risk
Published 2022-02-14
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced
Do I need to act?
-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Product
http://dixell.com
Vendor Advisory
http://emerson.com
Exploit
https://www.swascan.com/emerson
Product
http://dixell.com
Vendor Advisory
http://emerson.com
Exploit
https://www.swascan.com/emerson
32
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal