Skip to main content

Webhmi Firmware

4 CVEs product

Monthly

CVE-2022-2254 MEDIUM This Month

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webhmi Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2253 CRITICAL Act Now

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Webhmi Firmware
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-43936 CRITICAL POC PATCH THREAT Act Now

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Webhmi Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.8%
CVE-2021-43931 CRITICAL PATCH Act Now

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Webhmi Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
EPSS 0% CVSS 4.8
MEDIUM This Month

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webhmi Firmware
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Webhmi Firmware
NVD
EPSS 36% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Webhmi Firmware
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Webhmi Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy