ICSA-22-109-05 · Published 2022-04-19 · View on CISA ICS-CERT ↗

Elcomplus SmartPTT SCADA Server

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthorized user to store dangerous data in a trusted database; potentially exposing sensitive information; allow malicious users to upload arbitrary files; provide attackers a way to traverse the file system to access files or directories that are outside of the restricted directory; or result in exposure of data or unintended code execution.

CVEs (5)

CVE-2021-43932 CVE-2021-43938 CVE-2021-43934 CVE-2021-43930 CVE-2021-43937

Remediations

Elcomplus has released an update to fix these vulnerabilities and recommends users upgrade to Version 2.3.4 or later.
For more information, please contact Elcomplus support.

Affected Vendors

Elcomplus LLC

Affected Products (1)

Elcomplus LLC · SmartPTT SCADA Server 1.4

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more