ICSA-22-109-04 · Published 2022-04-19 · View on CISA ICS-CERT ↗

Elcomplus SmartPTT SCADA

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could provide attackers a way to traverse the file system to access files or directories that are outside of the restricted directory; allow the upload or transfer files of dangerous types that can be automatically processed within the product's environment; allow an unauthorized access to an action or a resource; or allow a user to store dangerous data in a trusted database.

CVEs (4)

CVE-2021-43932 CVE-2021-43939 CVE-2021-43934 CVE-2021-43930

Remediations

Elcomplus has released an update to fix these vulnerabilities and recommends users upgrade to Version 2.3.4 or later.
For more information, please contact Elcomplus support.

Affected Vendors

Elcomplus LLC

Affected Products (1)

Elcomplus LLC · SmartPTT SCADA 1.1

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more