CVE-2021-38485

HIGH

Emerson Wireless Gateway Firmware <= 4.7.94 - Improper Input Validation

Title source: llm
STIX 2.1

Description

The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.

References (1)

Core 1
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_confirm
https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02

Scores

CVSS v3 8.0
EPSS 0.0087
EPSS Percentile 54.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
emerson/wireless_1410_gateway_firmware < 4.7.94
emerson/wireless_1410d_gateway_firmware < 4.7.94
emerson/wireless_1420_gateway_firmware < 4.7.94
Published Oct 22, 2021
Tracked Since Feb 18, 2026