CVE-2021-34605

CVSS v3 Score: 7.3 (High)
CVSS v2 Score: 6.0 (Medium)

Vulnerability Description

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

CVSS: 7.3 (High)

In JetBrains TeamCity before 2023.11.4, path traversal allowing limited admin actions to be performed was possible.

CWE-23, 2024

CVSS: 7.2 (High)

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load ...

CWE-23, 2022

CVSS: 7.2 (High)

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute ...

CWE-23, 2022

CVSS: 7.2 (High)

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

CWE-23, 2022

CVSS: 7.2 (High)

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

CWE-23, 2022

CVSS: 7.2 (High)

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'ma...

CWE-23, 2024