Описание
E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
Ссылки
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.31f01 (исключая)
Одновременно
cpe:2.3:o:copeland:e3_supervisory_controller_firmware:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:copeland:site_supervisor_bx_860-1240:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_bxe_860-1245:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cx_860-1260:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_cxe_860-1265:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rx_860-1220:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_rxe_860-1225:-:*:*:*:*:*:*:*
cpe:2.3:h:copeland:site_supervisor_sf_860-1200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-1242
Связанные уязвимости
CVSS3: 4.9
github
4 месяца назад
E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
EPSS
Процентиль: 8%
0.00029
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-1242