When an SDD contains an emulator, the emulator location is part of the SDD manifest. Attackers could manipulate this location and use path traversal to target an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET, the corresponding executable will be started instead of the emulator.

Risk Information

  • CVE ID
  • CVE-2021-32498
  • Vendor
  • SICK
  • Product
  • SOPAS Engineering Tool
  • CVSS v3
  • 8.6