CVE-2021-32498

HIGH

SICK SOPAS ET < 4.8.0 - Path Traversal and Arbitrary Executable Execution via Emulator Pathname

Title source: llm

Description

SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET, the corresponding executable will be started instead of the emulator.

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://sick.com/psirt#advisories

Scores

CVSS v3 8.6
EPSS 0.0094
EPSS Percentile 56.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
sick/sopas_engineering_tool < 4.8.0
Published Dec 17, 2021
Tracked Since Feb 18, 2026