CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-34605

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.9%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 6.0

References

https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/
https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/

Products affected by CVE-2021-34605

Xinje » Xd/e Series Plc Program Tool » Version: Any

cpe:2.3:a:xinje:xd/e_series_plc_program_tool:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-34605

Products

Pricing

Contact Us