CVE-2021-32498: Path Traversal
First published: Fri Dec 17 2021(Updated: )
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator
Credit: psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sick Sopas Engineering Tool | <4.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-32498?
CVE-2021-32498 has been assigned a medium severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2021-32498?
To fix CVE-2021-32498, upgrade to SICK SOPAS ET version 4.8.0 or later.
What systems are affected by CVE-2021-32498?
CVE-2021-32498 affects SICK SOPAS ET versions before 4.8.0.
What kind of attack does CVE-2021-32498 enable?
CVE-2021-32498 enables attackers to manipulate pathnames and execute arbitrary executables on the host system.
What does the exploit for CVE-2021-32498 involve?
The exploit for CVE-2021-32498 involves using path traversal techniques to launch unauthorized executables.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/sick
- canonical/sick sopas engineering tool