PT-2026-54437 · Stonefly · Storage Concentrator+1

David Yesland · Published 2026-06-30 · Updated 2026-06-30 · CVE-2026-56413

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges.

Fix

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2026-56413

Affected products

Storage Concentrator
Storage Concentrator Virtual Machine