CVE-2021-43936

CRITICAL EXPLOITED

webhmi_firmware < 4.1 - Unrestricted Upload of File with Dangerous Type

Title source: llm

Exploitation Summary

CVE-2021-43936 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Jeremiasz Pluta, LongWayHomie.

AI-analyzed exploit summary This exploit leverages an authenticated file upload vulnerability in WebHMI Firmware < 4.1 to achieve remote code execution. It uploads a malicious PHP file and triggers a reverse shell via a crafted GET request.

Description

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.

Exploits (2)

exploitdb WORKING POC

by Jeremiasz Pluta · pythonwebappsphp

https://www.exploit-db.com/exploits/50589

View Code ZIP pw:eip

This exploit leverages an authenticated file upload vulnerability in WebHMI Firmware < 4.1 to achieve remote code execution. It uploads a malicious PHP file and triggers a reverse shell via a crafted GET request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebHMI Firmware < 4.1

Auth required

Prerequisites: Valid credentials for WebHMI · Network access to target · Netcat listener on attacker machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 8 stars

by LongWayHomie · remote

https://github.com/LongWayHomie/CVE-2021-43936

View Code ZIP pw:eip

This is a functional exploit for CVE-2021-43936, targeting WebHMI Firmware < 4.1. It authenticates, uploads a malicious PHP file, and triggers a reverse shell via command injection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebHMI Firmware < 4.1

Auth required

Prerequisites: Network access to target · Valid admin credentials · Netcat listener on attacker machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Third Party Advisory, US Government Resource x_refsource_misc

https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/165252/WebHMI-4.0-Remote-Code-Execution.html

Scores

CVSS v3 10.0

EPSS 0.3580

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2024-05-09

CWE

CWE-434

Status published

Products (1)

webhmi/webhmi_firmware < 4.1

Published Dec 06, 2021

Tracked Since Feb 18, 2026