CVE-2021-45427

Name of the Vulnerable Software and Affected Versions: Emerson XWEB 300D EVO version 3.0.7--3ee403

Description: The issue allows for unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal.

Recommendations: For Emerson XWEB 300D EVO version 3.0.7--3ee403, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to delete files without proper authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.