← Back

CVE-2021-41057

nvd nist
Published: Nov 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.8 / Impact: 5.2
Source: NVD

Description

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

Affected (13)

Wibu
1 product
Codemeter Runtime
Siemens
9 products
Pss Cape
Pss E
Pss Odms
Sicam 230
Simatic Information Server
Simatic Pcs Neo
Simatic Process Historian
Simatic Wincc Oa
Simit
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Codemeter Runtime
Before 7.30a
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
12 vulnerable
Vulnerable SoftwareAffected Versions
Pss Cape
Version 14
Siemens
Pss E
From 34.0.0 to 34.9.1
Pss E
From 35.0.0 to 35.3.2
Pss Odms
Before 12.2.6.1
Sicam 230
Before 8.0
Siemens
Simatic Information Server
Before 2019
Simatic Information Server
Version 2019
Simatic Information Server
Version 2019 sp1
Simatic Pcs Neo
All versions
Simatic Process Historian
Up to 2019
Simatic Wincc Oa
Up to 3.18
Simit
Up to 10.0

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

Source: cve@mitre.org
MitigationVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.