Vulnerability Detail
Enriched intelligence for a single CVE
Critical
CVE-2021-45420
PUBLISHEDEmerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and...
Not yet in CISA KEV
- Vendor
- Emerson
- Product
- Dixell XWEB-500
- Published
- Feb 14, 2022
- EPSS
- —
Automate This Intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitation Status
Exploited in the wild
Recorded 2025-07-14 00:00:00 UTC · The Shadowserver (via CIRCL)
Proof of concept available
Recorded 2026-06-12 14:20:57 UTC · Nuclei Templates
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) First | 2025-07-14 00:00 UTC |
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-45420.yaml | Jun 01, 2026 |
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
nuclei · Created Unknown
Timeline
-
Proof of Concept Exploit Available
-
Detected by Nuclei
-
Added to KEVIntel
-
CVE Published to Public
-
CVE ID Reserved