CVE-2019-9189

Name of the Vulnerable Software and Affected Versions Prima Systems FlexAir versions 2.4.9api3 and prior

Description The issue allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed due to root code execution, enabling an authenticated attacker to gain full system access.

Recommendations For versions 2.4.9api3 and prior, consider disabling the script upload feature in the main central controller configuration until a patch is available to prevent arbitrary Python script execution. Restrict access to the configuration interface to minimize the risk of exploitation.