CVE-2021-43555
📋 TL;DR
CVE-2021-43555 is a path traversal vulnerability in mySCADA myDESIGNER that allows attackers to write arbitrary files to the file system via malicious project imports. This can lead to remote code execution by overwriting critical files. Affected users include anyone running myDESIGNER versions 8.20.0 and earlier for industrial control system design.
💻 Affected Systems
- mySCADA myDESIGNER
📦 What is this software?
Mydesigner by Myscada
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution leading to industrial process disruption, data theft, or physical damage to controlled equipment.
Likely Case
Unauthorized file writes leading to persistence mechanisms, configuration manipulation, or denial of service through critical file overwrites.
If Mitigated
Limited impact with proper network segmentation and file integrity monitoring detecting unauthorized file modifications.
🎯 Exploit Status
Exploitation requires ability to import project files, which typically requires some level of access to the myDESIGNER interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.20.1 or later
Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-313-04
Restart Required: Yes
Instructions:
1. Download myDESIGNER version 8.20.1 or later from mySCADA. 2. Stop all myDESIGNER processes. 3. Install the updated version. 4. Restart the application.
🔧 Temporary Workarounds
Restrict Project Import Sources
allLimit myDESIGNER to only import project files from trusted, controlled sources.
File Integrity Monitoring
allImplement monitoring for unexpected file writes in system directories.
# Example for Linux: auditctl -w /etc/ -p wa -k mydesigner_files
# Example for Windows: Enable Windows File Auditing on critical directories
🧯 If You Can't Patch
- Network segmentation: Isolate myDESIGNER systems from untrusted networks and internet access.
- Least privilege: Run myDESIGNER with minimal necessary permissions and restrict file system write access.
🔍 How to Verify
Check if Vulnerable:
Check myDESIGNER version via Help > About menu. If version is 8.20.0 or earlier, system is vulnerable.Check Version:
On Windows: Check Help > About in myDESIGNER GUI. On Linux: Check application version via package manager or installed files.Verify Fix Applied:
Verify version is 8.20.1 or later in Help > About menu and test project import functionality with known safe files.📡 Detection & Monitoring
Log Indicators:
- Multiple failed project import attempts
- Unexpected file write operations in system directories
- myDESIGNER process spawning unexpected child processes
Network Indicators:
- Unusual network connections from myDESIGNER to external systems
- File transfers to myDESIGNER from untrusted sources
SIEM Query:
source="mydesigner.log" AND ("import failed" OR "file write" OR "path traversal")