CVE-2022-40282

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.

Ссылки

http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Nov/19
Exploit
Third Party Advisory
https://www.belden.com/support/security-assurance
Broken Link
http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Nov/19
Exploit
Third Party Advisory
https://www.belden.com/support/security-assurance
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:belden:hirschmann_bat-c2_firmware:*:*:*:*:*:*:*:*

Версия до 09.13.00r04 (исключая)

cpe:2.3:h:belden:hirschmann_bat-c2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00791

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-77

Связанные уязвимости

GHSA-355f-6hm6-3cc4

github

около 3 лет назад

BDU:2022-07515

CVSS3: 9.1

fstec