Path traversal in Siemens products - CVE-2021-42021

 

Path traversal in Siemens products - CVE-2021-42021

Published: November 16, 2021


Vulnerability identifier: #VU58195
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-42021
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
Siveillance Video DLNA Server 2019 R1
Siveillance Video DLNA Server 2019 R2
Siveillance Video DLNA Server 2019 R3
Siveillance Video DLNA Server 2020 R1
Siveillance Video DLNA Server 2020 R2
Siveillance Video DLNA Server 2020 R3
Siveillance Video DLNA Server 2021 R1

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


How to mitigate CVE-2021-42021

Install update from vendor's website.

Sources