PT-2021-23441 · Socomec · Socomec Remote View Pro

Published

2021-12-15

Updated

2021-12-17

CVE-2021-41870

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Socomec REMOTE VIEW PRO version 2.0.41.4

Description An issue was discovered in the firmware update form, allowing an authenticated attacker to bypass a client-side file-type check and upload arbitrary .php files.

Recommendations For Socomec REMOTE VIEW PRO version 2.0.41.4, consider restricting access to the firmware update form until a patch is available. As a temporary workaround, disabling the firmware update functionality can help minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-41870

Affected Products

Socomec Remote View Pro

PT-2021-23441 · Socomec · Socomec Remote View Pro

CVE-2021-41870

Weakness Enumeration

Related Identifiers

Affected Products

References · 4