Socomec Remote View Pro

Version 2.0.41.4

CVE-2021-41871

Stored XSS in the system log (authentication attempts) makes it possible for an attacker to exfiltrate an administrator's session cookie. The cookie is not HttpOnly.
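The two defensive controls this finding points at are output encoding of attacker-controlled log fields and the HttpOnly flag on the session cookie. The following Python is an added illustration, not Socomec's code: it renders a constructed failed-login record the unsafe way (raw interpolation) and the hardened way (escaping at output time), and builds a Set-Cookie header with HttpOnly set. The log entries and token are constructed sample values.

```python
import html

# Constructed sample records, as a log viewer might store authentication attempts.
# The "user" field is attacker-controlled (it comes from the login form) and is
# later echoed back into the administrator's browser.
SAMPLE_ENTRIES = [
    {"ts": "2021-09-01 10:00:00", "user": "admin", "result": "success"},
    {"ts": "2021-09-01 10:00:05", "user": "<script>alert(1)</script>", "result": "failure"},
]


def render_log_row_unsafe(entry: dict) -> str:
    """Vulnerable pattern: fields are interpolated as-is, so stored markup executes
    in whichever admin browser views the log."""
    return f"<tr><td>{entry['ts']}</td><td>{entry['user']}</td><td>{entry['result']}</td></tr>"


def render_log_row(entry: dict) -> str:
    """Hardened pattern: every field is HTML-escaped at output time
    (quote=True also escapes quotes, so it is safe inside attribute values)."""
    cells = (html.escape(str(entry[k]), quote=True) for k in ("ts", "user", "result"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def session_cookie_header(token: str) -> str:
    """Set-Cookie header for the session. HttpOnly keeps document.cookie from
    reading it; Secure and SameSite are defence in depth."""
    return f"Set-Cookie: session={token}; Path=/; HttpOnly; Secure; SameSite=Strict"


def contains_live_script(rendered: str) -> bool:
    """True when the rendered HTML still carries an unescaped <script tag."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print("unsafe :", render_log_row_unsafe(entry))
        print("escaped:", render_log_row(entry))
    print(session_cookie_header("EXAMPLE_TOKEN"))
```

Escaping belongs at the point where the log is rendered, not where it is written; the raw value can still be stored for forensic fidelity. HttpOnly does not stop the XSS itself, it only removes cookie theft as its easiest consequence.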

CVE-2021-41870

Arbitrary file upload in the firmware section. The file-type check is client-side only, which makes it possible for an attacker to change the file type to .php and upload a webshell.
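A client-side check is trivially bypassed, so the fix is server-side validation of both the name and the content, plus storing uploads under a server-chosen name outside the web root. The following Python is an added example, not the vendor's code. It assumes (hypothetically) that firmware images use a `.bin` extension and begin with a constructed magic header; the uploads it checks are constructed samples.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Assumptions, not taken from the advisory: firmware images are .bin files whose
# first bytes are the constructed magic header below.
ALLOWED_EXTENSIONS = {".bin"}
FIRMWARE_MAGIC = b"SOCOFW\x00"            # hypothetical signature for the sample images
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


class UploadRejected(ValueError):
    """Raised for any upload that fails server-side validation."""


def validate_firmware_upload(filename: str, data: bytes) -> str:
    """Server-side checks a client-side type check cannot replace.

    Returns the sanitised file stem, or raises UploadRejected.
    """
    base = os.path.basename(filename)          # drop any path component the client sent
    stem, ext = os.path.splitext(base)
    if ext.lower() not in ALLOWED_EXTENSIONS:  # allowlist, never a denylist of .php etc.
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not SAFE_STEM.match(stem):              # rejects 'update.php.bin', spaces, odd characters
        raise UploadRejected("unsafe characters in file name")
    if not data.startswith(FIRMWARE_MAGIC):    # check the content, not just the name
        raise UploadRejected("content is not a firmware image")
    return stem


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around validate_firmware_upload for callers that only need a verdict."""
    try:
        validate_firmware_upload(filename, data)
        return True
    except UploadRejected:
        return False


def store_firmware(filename: str, data: bytes, upload_dir: Path) -> Path:
    """Write a validated image under a random server-chosen name in a directory
    the web server does not serve, so even a misclassified file cannot be requested."""
    validate_firmware_upload(filename, data)
    upload_dir.mkdir(parents=True, exist_ok=True)
    target = upload_dir / f"{secrets.token_hex(8)}.bin"
    target.write_bytes(data)
    return target


# Constructed uploads as the server would receive them (name as sent by the client, raw bytes).
GOOD_UPLOAD = ("update_2_0_41.bin", FIRMWARE_MAGIC + b"\x01\x02\x03")
BAD_UPLOADS = [
    ("shell.php", b"<?php /* not a firmware image */ ?>"),   # wrong extension
    ("update.php.bin", FIRMWARE_MAGIC + b"\x00"),            # double extension in the stem
    ("update.bin", b"<?php /* not a firmware image */ ?>"),  # right name, wrong content
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("stored at", store_firmware(*GOOD_UPLOAD, Path(tmp)))
    for name, blob in BAD_UPLOADS:
        print(name, "accepted" if is_accepted(name, blob) else "rejected")
```

The magic-header check is the weakest of the three controls (a real image format needs a proper parser and, ideally, a signature check before flashing); the extension allowlist and the random server-side filename are what remove the webshell path regardless of what the client claims.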

POC Video