Arbitrary Executable Execution via Path Traversal in SICK SOPAS ET (before version 4.8.0)

Arbitrary Executable Execution via Path Traversal in SICK SOPAS ET (before version 4.8.0)

CVE-2021-32498 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator

Learn more about our User Device Pen Test.