The command line arguments that are passed to an emulator when starting it via SOPAS ET, are part of the SDD manifest. Attackers could manipulate the arguments to pass in any value to the executable. In combination with CVE-2021-32498 the attacker could target an arbitrary executable with any arguments on the host system.

Risk Information

  • CVE ID
  • CVE-2021-32499
  • Vendor
  • SICK
  • Product
  • SOPAS Engineering Tool
  • CVSS v3
  • 8.6