CVE-2021-43555 : What You Need to Know
Discover the impact of CVE-2021-43555 on mySCADA myDESIGNER versions 8.20.0 and earlier. Learn about the vulnerability, its technical details, and mitigation steps.
mySCADA myDESIGNER Versions 8.20.0 and prior have a vulnerability that allows an attacker to execute remote code through improper validation techniques.
Understanding CVE-2021-43555
This CVE involves a path traversal vulnerability in mySCADA myDESIGNER, potentially leading to remote code execution.
What is CVE-2021-43555?
- Vulnerability in mySCADA myDESIGNER versions 8.20.0 and earlier
- Allows attackers to upload files to the system and execute remote code
The Impact of CVE-2021-43555
- CVSS Base Score: 7.3 (High)
- Attack Complexity: Low
- Attack Vector: Local
- Availability Impact: High
- Confidentiality Impact: Low
- Integrity Impact: High
- User Interaction: Required
- Privileges Required: None
- Scope: Unchanged
Technical Details of CVE-2021-43555
This section covers technical aspects of the vulnerability in mySCADA myDESIGNER.
Vulnerability Description
- Fails to validate contents of an imported project file properly
- Vulnerable to path traversal payload
Affected Systems and Versions
- Product: mySCADA myDESIGNER
- Vendor: mySCADA
- Versions affected: <= 8.20.0
Exploitation Mechanism
- Attackers can exploit the improper validation to upload files and trigger remote code execution
Mitigation and Prevention
Ways to address the CVE-2021-43555 vulnerability.
Immediate Steps to Take
- Apply update v8.22.0 or later provided by mySCADA
- After the update, users need to re-enter passwords for all RFID users if using RFID card access
Long-Term Security Practices
- Regularly update software to the latest versions
- Implement secure coding practices to prevent such vulnerabilities
- Conduct security assessments and code reviews regularly
Patching and Updates
- Users should promptly apply the recommended update to protect against this vulnerability