CVE Daily

CVE-2021-45427

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary fi...

Critical CVSS 9.8

Overview

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.

CWE: CWE-22 Published: 2021-12-30T12:15:07.563
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags