Main Vulnerability Database Vulnerabilities #VU58195

Path traversal in Siemens products - CVE-2021-42021

Published: November 16, 2021

Vulnerability identifier: #VU58195

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-42021

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Siveillance Video DLNA Server 2019 R1
Siveillance Video DLNA Server 2019 R2
Siveillance Video DLNA Server 2019 R3
Siveillance Video DLNA Server 2020 R1
Siveillance Video DLNA Server 2020 R2
Siveillance Video DLNA Server 2020 R3
Siveillance Video DLNA Server 2021 R1

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf

Path traversal in Siemens products - CVE-2021-42021

Description

Remediation

External links

Please verify you're human