Platform
other
Component
secomea-gatemanager
Fixed in
9.6.621421015
CVE-2021-32008 is a critical path traversal vulnerability discovered in Secomea GateManager. This vulnerability allows an authenticated administrator to delete system files or directories, potentially leading to complete system compromise. The issue impacts versions of Secomea GateManager up to and including 9.6.621421014. A patch is available to remediate this vulnerability.
The impact of CVE-2021-32008 is severe. A successful exploit allows an authenticated administrator to arbitrarily delete files and directories on the GateManager system. This could lead to complete system failure, data loss, and potentially allow an attacker to gain full control over the device. The ability to delete core system files could render the device unusable and require a complete re-installation. Given the industrial control system (ICS) nature of Secomea GateManager, this vulnerability poses a significant risk to operational technology environments.
CVE-2021-32008 was publicly disclosed on March 4, 2022. While no active exploitation campaigns have been publicly reported, the critical severity and ease of exploitation make it a high-priority vulnerability. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and severity.
Exploit Status
EPSS
0.68% (72% percentile)
CVSS Vector
The primary mitigation for CVE-2021-32008 is to upgrade to a patched version of Secomea GateManager. Consult Secomea's official advisory for the latest recommended version. If immediate patching is not possible, consider implementing strict access controls to limit administrator privileges and monitor GateManager logs for suspicious activity. While not a complete solution, a Web Application Firewall (WAF) configured to block path traversal attempts could provide a temporary layer of defense. Thoroughly test any configuration changes in a non-production environment before deploying to production.
Update Secomea GateManager to a version later than 9.6.621421014 to fix the vulnerability that allows unrestricted file system access. See the Secomea security advisory for more details and upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2021-32008 is a critical path traversal vulnerability affecting Secomea GateManager versions up to 9.6.621421014, allowing admin deletion of system files.
If you are running Secomea GateManager version 9.6.621421014 or earlier, you are vulnerable to this path traversal vulnerability.
Upgrade to the latest patched version of Secomea GateManager as recommended by Secomea. Consult their official advisory for specific version details.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to Secomea's official security advisory for detailed information and mitigation steps. Check their website or contact Secomea support for the latest advisory.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.