What is CVE-2021-38485?

CVE-2021-38485 is a high-severity vulnerability in Emerson Wirelesshart Gateway, classified under Improper Input Validation. CVSS score: 8.0/10. Published 2021-10-22.

How severe is CVE-2021-38485?

High severity. CVSS v3 base score is 8.0 out of 10.

Improper input validation in Emerson Wirelesshart Gateway

CVE-2021-38485

The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (44.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Emerson Wirelesshart Gateway — versions 1410, 1410D, 1420

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

us-cert.cisa.gov/ics/advisories/icsa-21-278-02 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-38485?: CVE-2021-38485 is a high-severity vulnerability in Emerson Wirelesshart Gateway, classified under Improper Input Validation. CVSS score: 8.0/10. Published 2021-10-22.
How severe is CVE-2021-38485?: High severity. CVSS v3 base score is 8.0 out of 10.