PT-2019-2098 · Siemens+1 · Scalance+1

Published: 2019-05-10 · Updated: 2023-02-02 · CVE-2018-7082

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Aruba Instant versions prior to 4.2.4.12
Aruba Instant versions prior to 6.5.4.11
Aruba Instant versions prior to 8.3.0.6
Aruba Instant versions prior to 8.4.0.0
SCALANCE (affected versions not specified)

Description

A command injection issue allows an authenticated administrative user to execute arbitrary commands on the underlying operating system. This could enable a malicious administrator to install backdoors or alter system configuration without being logged. The issue is related to insufficient neutralization of special elements in the case of the SCALANCE programmable logic controller.

Recommendations

For Aruba Instant versions prior to 4.2.4.12, update to version 4.2.4.12 or later.
For Aruba Instant versions prior to 6.5.4.11, update to version 6.5.4.11 or later.
For Aruba Instant versions prior to 8.3.0.6, update to version 8.3.0.6 or later.
For Aruba Instant versions prior to 8.4.0.0, update to version 8.4.0.0 or later.
At the moment, there is no information about a newer version that contains a fix for SCALANCE.

Fix

Weakness Enumeration

Command Injection
OS Command Injection

Related Identifiers

BDU:2019-01853
CVE-2018-7082

Affected Products

Aruba Instant
Scalance