CVE-2021-33841 | SGE-PLC1000 device, in its 0.9.2b firmware version, does not… | CVSS 10.0 CRITICAL

Description

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.

Metadata

CVE ID: CVE-2021-33841
State: PUBLISHED
Assigner: INCIBE
Reserved: 2021-06-04 00:00 UTC
Published: 2021-06-09 11:50 UTC
Last updated: 2024-09-16 17:59 UTC
Primary CWE: CWE-78
CWE-78: Improper Neutralization of Special Elements used in …
Vendor / Product: Circutor / SGE-PLC1000
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Circutor	SGE-PLC1000	—	0.9.2b

Weakness (CWE)

CWE	Source	Description
CWE-78	cna	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-os-command-injection