{"vulnerability": "cve-2021-4393", "sightings": [{"uuid": "3258a91d-9e1e-4525-aca7-73ac80930204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43933", "type": "seen", "source": "https://t.me/cibsecurity/41177", "content": "\u203c CVE-2021-43933 \u203c\n\nThe affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T20:25:44.000000Z"}, {"uuid": "adf8e15d-27b2-4c0d-b107-b54db812eaeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43936", "type": "seen", "source": "https://t.me/arpsyndicate/1858", "content": "#ExploitObserverAlert\n\nCVE-2021-43936\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-43936. The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.\n\nFIRST-EPSS: 0.016150000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-17T22:44:53.000000Z"}, {"uuid": "317ee1e7-d297-4b31-8739-29993f1a1f09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43938", "type": "seen", "source": "https://t.me/cibsecurity/41679", "content": "\u203c CVE-2021-43938 \u203c\n\nElcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:25:12.000000Z"}, {"uuid": "02582e7b-e6c4-4c3e-b72b-ff5de9a46877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43936", "type": "seen", "source": "https://t.me/cibsecurity/33393", "content": "\u203c CVE-2021-43936 \u203c\n\nThe software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-06T20:20:50.000000Z"}, {"uuid": "0ac8e907-01ce-4dc5-a013-2e59a817c607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43937", "type": "seen", "source": "https://t.me/cibsecurity/41662", "content": "\u203c CVE-2021-43937 \u203c\n\nElcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-29T20:24:54.000000Z"}, {"uuid": "92f69823-c360-4558-b42a-f9345e538a39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43932", "type": "seen", "source": "https://t.me/cibsecurity/41572", "content": "\u203c CVE-2021-43932 \u203c\n\nElcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T18:24:15.000000Z"}, {"uuid": "ebde8672-4637-4ea9-8b61-91fbfb537cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43939", "type": "seen", "source": "https://t.me/cibsecurity/41577", "content": "\u203c CVE-2021-43939 \u203c\n\nElcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T18:24:21.000000Z"}, {"uuid": "9c37f1ba-bb48-4cd4-918a-6331f57100d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43934", "type": "seen", "source": "https://t.me/cibsecurity/41575", "content": "\u203c CVE-2021-43934 \u203c\n\nElcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T18:24:19.000000Z"}, {"uuid": "79a76cd0-0626-44f0-a857-948eee29b0e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43930", "type": "seen", "source": "https://t.me/cibsecurity/41569", "content": "\u203c CVE-2021-43930 \u203c\n\nElcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T18:24:12.000000Z"}, {"uuid": "e68876b2-b9c5-4c8d-9c54-f4edb4356435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43931", "type": "seen", "source": "https://t.me/cibsecurity/33399", "content": "\u203c CVE-2021-43931 \u203c\n\nThe authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-06T20:20:59.000000Z"}, {"uuid": "641fc10f-ee0d-46b3-a357-b4143f78527f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43936", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4968", "content": "#exploit\nCVE-2021-43936:\nRCE in WebHMI Firmware\nhttps://github.com/LongWayHomie/CVE-2021-43936", "creation_timestamp": "2021-12-14T11:03:01.000000Z"}, {"uuid": "aadf0572-c101-4af6-875e-c1cd70fff4eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-43936", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1425", "content": "#exploit\n#CVE-2021-43936:\nRCE in WebHMI Firmware\n\nhttps://github.com/LongWayHomie/CVE-2021-43936\n\n@BlueRedTeam", "creation_timestamp": "2021-12-14T10:00:39.000000Z"}]}