PT-2023-8587 · Hardy Barth · Cph2 Echarge Ladestation

Ewen Coppens

Publicado

2023-12-14

Atualizado

2024-10-28

CVE-2023-46359

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Hardy Barth cPH2 eCharge Ladestation versions 1.87.0 and earlier

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This may allow a remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature.

Recommendations For versions 1.87.0 and earlier, as a temporary workaround, consider restricting access to the connectivity check feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-250CWE-78

Identificadores relacionados

BDU:2024-01230

BDU:2024-01231

CVE-2023-46359

Produtos afetados

Cph2 Echarge Ladestation

PT-2023-8587 · Hardy Barth · Cph2 Echarge Ladestation

CVE-2023-46359

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17