PT-2023-1509 · Controlbyweb · Control By Web X-600M

Floris Hendriks

Publicado

2023-02-13

Atualizado

2023-02-22

CVE-2023-23551

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Control By Web X-600M (affected versions not specified)

Description The issue is related to code injection in Lua scripts, which could allow an attacker to remotely execute arbitrary code. This is due to errors in code generation. The exploitation of this issue may enable a remote attacker to execute arbitrary code by running Lua scripts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

BDU:2023-00936

CVE-2023-23551

Produtos afetados

Control By Web X-600M

PT-2023-1509 · Controlbyweb · Control By Web X-600M

CVE-2023-23551

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7