Main Vulnerability Database Vulnerabilities #VU55517

#VU55517 Buffer overflow in HMI3 Control Panel and Nexus Panel - CVE-2021-37165

Published: August 3, 2021

Vulnerability identifier: #VU55517

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-37165

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
HMI3 Control Panel
Nexus Panel

Software vendor:
Swisslog Healthcare

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "hmiProcessMsg" function. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.armis.com/PwnedPiper
https://www.swisslog-healthcare.com

#VU55517 Buffer overflow in HMI3 Control Panel and Nexus Panel - CVE-2021-37165

Description

Remediation

External links

Please verify you're human