CVE-2021-42540

CWE-123 WRITE-WHAT-WHERE CONDITION:
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

Risk Information

  • CVE ID
  • CVE-2021-42540
  • Vendor
  • Emerson
  • Product
  • WirelessHART Gateway
  • CVSS v3
  • 8.0