Back to KEVs

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 20, 2021
Published Date
February 14, 2022
Last Updated
August 04, 2024
Vendor
Emerson
Product
Dixell XWEB-500
Description
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

Score
80.81% (Percentile: 99.08%) as of 2025-07-29

Exploit Status

Exploited in the Wild
Yes (2025-07-14 00:00:00 UTC) Source

References

http://emerson.com http://dixell.com https://www.swascan.com/emerson

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-07-15 12:00:34 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel