CVE-2021-33841

EUVD-2021-20515
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
INCIBECNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
circutorsge-plc1000_firmware
0.9.2b:b
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-os-command-injection
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-os-command-injection