PT-2017-16861 · Satel Iberia · Sennet Optimal Datalogger+2
Published
2017-05-19
·
Updated
2019-10-09
·
CVE-2017-6048
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Satel Iberia SenNet Data Logger and Electricity Meters versions prior to the following:
- SenNet Optimal DataLogger V5.37c-1.43c
- SenNet Solar Datalogger V5.03-1.56a
- SenNet Multitask Meter V5.21a-1.18b
Description
A Command Injection issue was discovered. Successful exploitation could result in an attacker breaking out of the jailed shell and gaining full access to the system.
Recommendations
For SenNet Optimal DataLogger versions prior to V5.37c-1.43c, update to a version that includes the fix for this issue.
For SenNet Solar Datalogger versions prior to V5.03-1.56a, update to a version that includes the fix for this issue.
For SenNet Multitask Meter versions prior to V5.21a-1.18b, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.
Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sennet Multitask Meter
Sennet Optimal Datalogger
Sennet Solar Datalogger