ICSA-21-336-03 · Published 2021-12-02 · View on CISA ICS-CERT ↗

Distributed Data Systems WebHMI

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an administrator account login without password authentication and remote code execution with root privileges.

CVEs (2)

CVE-2021-43931 CVE-2021-43936

Remediations

Upgrading the platform software to the latest release, Version 4.1

Affected Vendors

Distributed Data Systems

Affected Products (1)

Distributed Data Systems · WebHMI < 4.1

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more