{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T18:22:45.198","vulnerabilities":[{"cve":{"id":"CVE-2021-43936","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2021-12-06T18:15:08.353","lastModified":"2024-11-21T06:30:02.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution."},{"lang":"es","value":"El software permite al atacante cargar o transferir archivos de tipos peligrosos al portal WebHMI, que pueden ser procesados automáticamente dentro del entorno del producto o conllevar a una ejecución de código arbitrario"}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:webhmi:webhmi_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1","matchCriteriaId":"194BB82B-39C9-4A70-BFBE-2C2CE273556D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:webhmi:webhmi:-:*:*:*:*:*:*:*","matchCriteriaId":"A01C62B5-41A7-407B-BB31-668756184F45"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html","source":"ics-cert@hq.dhs.gov","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government Resource"]},{"url":"http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"]}]}}]}