ICSA-21-077-03 — Vulnetix

ICSA-21-077-03 PUBLISHED CVSS 9.800000190734863 CRITICAL

Successful exploitation of these vulnerabilities could allow an attacker to upload malicious files to the server, discover sensitive information, or execute arbitrary code.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	eSOMS: all versions prior to 6.3 using a version of Telerik software

Timeline

May 17, 2020 PoC Published
Mar 18, 2021 CVE Published

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-077-03.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-21-077-03 advisory
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B url
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8943&LanguageCode=en&DocumentPartId=&Action=Launch fix
https://www.hitachiabb-powergrids.com/contact-us/ fix

Open in Interactive Console →